Hackers Exploit HTTP/2 Flaw to Launch Arbitrary Cross-Site Scripting Attacks

This study uncovers critical vulnerabilities in the HTTP/2 server push and Signed HTTP Exchange (SXG) features that allow attackers to bypass the Same-Origin Policy by abusing TLS certificates shared between origins. These flaws affect major browsers and thousands of top websites, posing a significant security threat.

Key points

  • The vulnerabilities exploit shared TLS certificates to bypass Same-Origin Policy restrictions.
  • The attack techniques, named CrossPUSH and CrossSXG, deliver malicious resources to a victim origin without any network interception.
  • Major browsers such as Chrome and Edge are affected, impacting millions of websites and mobile apps.
  • Over 11,000 top websites are at risk because of shared certificate configurations and misconfigured DNS domains.
  • Industry stakeholders are urged to enforce stricter validation and to remove insecure shared certificates.
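The combination of "shared certificates" and "misconfigured DNS" named above is exactly the HTTP/2 connection-reuse rule (RFC 7540, section 9.1.1): a client may send requests for, and accept pushes for, another origin over an existing connection when the certificate is valid for that origin's host and that host resolves to the connected IP. The audit below is an added example, not code from the article or the cited study; it assumes a naive registrable-domain split (last two labels, no public-suffix list) and uses constructed SAN and DNS data to show which unrelated origins one connection could become authoritative for.

```python
import fnmatch
from typing import Dict, List, Set

# Constructed data for illustration: a multi-tenant certificate and DNS
# answers. Not real hosts or addresses.
SANS = ["shop.example.com", "www.example.com", "cdn.example.com",
        "*.example.net", "blog.example.org"]
DNS: Dict[str, Set[str]] = {
    "shop.example.com":     {"203.0.113.10"},
    "www.example.com":      {"203.0.113.10"},
    "cdn.example.com":      {"198.51.100.5"},   # different IP: no coalescing
    "app.example.net":      {"203.0.113.10"},   # covered by *.example.net
    "deep.app.example.net": {"203.0.113.10"},   # wildcard covers one label only
    "blog.example.org":     {"203.0.113.10"},
    "other.example.org":    {"203.0.113.10"},   # not in the certificate
}

def cert_matches(host: str, sans: List[str]) -> bool:
    """True if a SAN entry covers host; a wildcard matches exactly one label."""
    for san in sans:
        if san.startswith("*."):
            # fnmatch's '*' would also match dots, so pin the label count.
            if host.count(".") == san.count(".") and fnmatch.fnmatchcase(host, san):
                return True
        elif host == san:
            return True
    return False

def registrable_domain(host: str) -> str:
    # Assumption: last two labels approximate the registrable domain.
    return ".".join(host.split(".")[-2:])

def coalescable_origins(connected_host: str, sans: List[str],
                        dns: Dict[str, Set[str]]) -> Set[str]:
    """Hosts for which this connection satisfies both reuse conditions."""
    conn_ips = dns.get(connected_host, set())
    return {h for h, ips in dns.items()
            if h != connected_host and cert_matches(h, sans) and ips & conn_ips}

def cross_organisation_risk(connected_host: str, sans: List[str],
                            dns: Dict[str, Set[str]]) -> Set[str]:
    """Coalescable hosts that belong to a different registrable domain,
    i.e. origins a rogue tenant on this connection could push content for."""
    own = registrable_domain(connected_host)
    return {h for h in coalescable_origins(connected_host, sans, dns)
            if registrable_domain(h) != own}

if __name__ == "__main__":
    print(sorted(cross_organisation_risk("shop.example.com", SANS, DNS)))
```

Each host reported here is a candidate for moving to its own certificate or separate IP, which removes the reuse condition the attack depends on.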

Read More: https://gbhackers.com/hackers-exploit-http-2-flaw/