June 2018 – Google Releases Security Update for Chrome

Content Security Policy (CSP) provides a standard HTTP header that allows website owners to declare approved sources of content that browsers should be allowed to load on that page.

Browser-based XSS protection mechanism. Least-privilege approach that whitelists content you trust. Nothing else will execute. Assumes that inline scripts are bad.
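A simplified model of that allowlist decision for scripts, as an added example that is not part of the original post or of Chrome's code. The policies and origins are constructed, and nonces, hashes, paths and ports are not modelled:

```javascript
// Simplified model of how a browser applies CSP to scripts (added example).
// Not modelled: nonces, hashes, paths, ports, report-only mode.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

function hostMatches(pattern, host) {
  // "*.example.net" covers subdomains only, never "example.net" itself.
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// script is { inline: true } or { url: "https://..." }.
function allowsScript(policy, script, pageOrigin) {
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = policy.get("script-src") ?? policy.get("default-src");
  if (sources === undefined) return true;
  // Inline code runs only if the policy explicitly opts back in.
  if (script.inline) return sources.includes("'unsafe-inline'");
  const target = new URL(script.url);
  return sources.some((src) => {
    if (src === "*") return ["http:", "https:"].includes(target.protocol);
    if (src === "'self'") return target.origin === pageOrigin;
    if (src.startsWith("'")) return false; // 'none' and other keywords match no URL
    if (src.endsWith(":")) return target.protocol === src; // scheme-source
    // host-source; a missing scheme is treated as "any" (simplification).
    const [scheme, host] = src.includes("://") ? src.split("://") : [null, src];
    return (scheme === null || target.protocol === scheme + ":") &&
      hostMatches(host, target.hostname);
  });
}

// Constructed policies and origins, for illustration only.
const PAGE = "https://shop.example";
const strict = parseCsp("default-src 'none'; script-src 'self' https://cdn.example.net");
const weak = parseCsp("script-src 'self' 'unsafe-inline' *");
console.log(allowsScript(strict, { inline: true }, PAGE));
console.log(allowsScript(strict, { url: "https://other.example/x.js" }, PAGE));
console.log(allowsScript(weak, { inline: true }, PAGE));
```

The `weak` policy shows how `'unsafe-inline'` and `*` undo the least-privilege model: every script the strict policy rejects is accepted again.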

But…

High CVE-2018-6148: Incorrect handling of CSP header

https://chromereleases.googleblog.com/search/label/Stable%20updates
