Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-1671
• https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
• https://issues.chromium.org/issues/41487933
• https://lists.fedoraproject.org/archives/list/[email protected]/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7
• https://lists.fedoraproject.org/archives/list/[email protected]/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3