EPSS
Percentile
82.5%
Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
bugzilla.redhat.com/show_bug.cgi?id=1568794
chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html