OVAL Reference oval:org.cisecurity:def:991

" element."> OVAL Reference oval:org.cisecurity:def:991 - CERT Civis.Net

Oval Definition:

oval:org.cisecurity:def:991

Revision Date:	2016-09-16	Version:	28
Title:	Content-Security-Policy bypass - CVE-2016-5135
Description:	WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "" element.
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2016-5135
Platform(s):	Microsoft Windows 10 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista	Product(s):	Google Chrome
Definition Synopsis
Google Chrome is installed AND Check if Google Chrome version is less than 52.0.2743.82