Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-6519 PoC — Google Chrome CSP 安全漏洞

Source
https://github.com/PerimeterX/CVE-2020-6519
Associated Vulnerability
Title:Google Chrome CSP 安全漏洞 (CVE-2020-6519)
Description:Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Readme
# Chromium 83 Zero Day Full CSP Bypass Cross Platforms

## [CVE-2020-6519](https://nvd.nist.gov/vuln/detail/CVE-2020-6519)

## [Technical Article](https://www.perimeterx.com/tech-blog/2020/csp-bypass-vuln-disclosure/)

## [POC](./POC) (as [reported](https://crbug.com/1064676) to the chromium project)

## [DEMO Vids!](./vids)
File Snapshot

 [4.0K]  /data/pocs/4936f3ab9c60842f238c483713a17c0aea84c91d
├── [4.8K]  CVE-2020-6519-TEST-IT-YOURSELF.js
├── [4.0K]  POC
│   ├── [ 374]  ALLOW_JAVASCRIPT_SCHEME.html
│   ├── [ 358]  BLOCK_JAVASCRIPT_SCHEME.html
│   ├── [ 121]  bypass-child-src.html
│   ├── [ 122]  bypass-object-src.html
│   ├── [  45]  bypass-script-src.js
│   ├── [ 599]  DEMO_LEGIT_FAIL.js
│   ├── [ 856]  DEMO_MALICIOUS_SUCCESS.js
│   └── [1.5K]  README.md
├── [ 327]  README.md
└── [4.0K]  vids
    ├── [ 33M]  CSP-BYPASS-DEMO.mkv
    └── [1.3K]  README.md

2 directories, 12 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →