GMS-2016-73: Bypass CSP protection
Extension URIs (resource://...) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. If a site already has an XSS bug and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacker can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.
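A defensive guard against this pattern, as an added example that is not AngularJS's own code: a library refuses to auto-bootstrap when its script was loaded from a scheme outside an allow-list, so a copy served from an extension URI stays inert. The function names, the allow-list and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example, not AngularJS source. Decides whether a library may
// auto-bootstrap, based on where its own <script> element was loaded from.

// Assumed allow-list of schemes for ordinary web content. Extension schemes
// such as resource: are deliberately absent, so they fail closed.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'ftp:', 'blob:', 'file:', 'data:']);

function allowAutoBootstrap(scriptSrc, documentUrl) {
  // No src attribute: an inline script, which is part of the page itself.
  if (scriptSrc === null || scriptSrc === undefined) return true;
  // A src attribute that is present but empty is treated as suspicious.
  if (scriptSrc === '') return false;
  let doc, src;
  try {
    doc = new URL(documentUrl);
    src = new URL(scriptSrc, doc); // resolves relative URLs against the page
  } catch (err) {
    return false; // unparseable URL: refuse
  }
  // Same-origin scripts are allowed; opaque origins serialize as "null"
  // and are never treated as a match.
  if (src.origin !== 'null' && src.origin === doc.origin) return true;
  return ALLOWED_SCHEMES.has(src.protocol);
}

// Returns the script sources for which auto-bootstrap would be refused.
function refusedSources(scriptSrcs, documentUrl) {
  return scriptSrcs.filter((s) => !allowAutoBootstrap(s, documentUrl));
}

// Constructed sample data.
const PAGE = 'https://victim.example/app';
const SAMPLE_SRCS = [
  'https://cdn.example/angular.min.js',
  '/static/angular.js',
  'resource://constructed-addon/lib/angular.js',
  'chrome-extension://constructed-id/angular.min.js',
  'moz-extension://constructed-uuid/angular.js',
];

console.log(refusedSources(SAMPLE_SRCS, PAGE));
```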
References
- github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5
- github.com/angular/angular.js/commit/6ce2913d99bb0dade6027ba9733295d0aa13b242
- github.com/angular/angular.js/commit/a649758655843275cc477fb638f8e55f72a4eaa6
- github.com/angular/angular.js/commit/ebe90051eda8a3328e5993cca1663e28d03113d0
- github.com/mozilla/addons-linter/issues/1000