This issue has been fixed.

19 CVE-2018-4944 284 Bypass of Content Security Policy via Stored XSS
In Chrome prior to version 77, if a page was redirected via HTML5 or XHR, and that redirection used a redirect loop, an XSS flaw could be used to bypass Content Security Policy via a timing attack.
Redirecting to the same location with an HTML5 tag or XHR allows for Stored XSS on the target page. This combination is expected to provide XSS on the target page bypassing Chrome's Content Security Policy. This issue has been fixed.

20 CVE-2018-4942 284 Bypass of Content Security Policy via Stored XSS
In Chrome prior to version 77, if a page was redirected via HTML5 or XHR, and that redirection used a redirect loop, an XSS flaw could be used to bypass Content Security Policy via a timing attack.
Redirecting to the same location with an HTML5 tag or XHR allows for Stored XSS on the target page. This combination is expected to provide XSS on the target page bypassing Chrome's Content Security Policy. This issue has been fixed.


Fixed in v 77

Redirecting to the same location with an HTML5 tag or XHR allows for Stored XSS on the target page. This combination is expected to provide XSS on the target page bypassing Chrome's Content Security Policy. This issue has been fixed.

Timeline

Published on: 09/26/2022 16:15:00 UTC
Last modified on: 10/03/2022 02:15:00 UTC

References