VYPR
Critical severity9.8NVD Advisory· Published Mar 6, 2016· Updated Jun 17, 2026

CVE-2016-1636

CVE-2016-1636

Description

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.