A vulnerability in Google s Chromium-based browsers would allow attackers to bypass the Content Security Policy (CSP) on websites, in order to steal data and execute rogue code. The bug (CVE-2020-6519) is found in Chrome, Opera and Edge, on Windows, Mac and Android potentially affecting billions of web users. CSP allows web admins to specify the domains that a browser should consider to be valid sources of executable scripts. Most websites use CSP, including ESPN, Facebook, Gmail, Instagram, WhatsApp, WhatsApp and Zoom.
Source: https://threatpost.com/google-chrome-bug-data-theft/158217/