Skip to content

@cure53 cure53 released this Sep 19, 2019 · 87 commits to master since this release

  • Fixed a bypass affecting latest Chrome, caused by a newly discovered Chrome mXSS vulnerability
  • Added tests to cover implemented fixes

Credits go to Michał Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into a DOMPurify bypass, reported and helped verifying the fix. 🙇

Assets 2
You can’t perform that action at this time.