June 18 17:00 — 18:00 Another CORS bug: the aftermath APPSEC.ZONE Russian In this short talk. I will go over a bug CVE-2019-5832 in Chrome’s XHR implementation, that I reported. We’ll discuss real and hypothetical consequences of exploiting the bug in the wild.