4 comments

[ 2.9 ms ] story [ 20.9 ms ] thread
This seems to be explained in better detail by https://bo0om.ru/chrome-and-safari-uxss. Working via Google Translate, the claim seems to be that using MHTML and XSLT allows you to bypass the sandboxing rules and inject JavaScript that bypasses the same-origin policy.

The linked blog credits a Chromium patch that led to the discovery of this exploit: https://chromium-review.googlesource.com/c/chromium/src/+/65...

This is available before the security issue is expected to be made public in 14 weeks window & exactly why you need to keep whatever Chromium engine in your application up-to-date.