← LibraryTechnique entry
BX-MV3-CSP-BYPASSDefense Evasion
Manifest V3 CSP Bypass
MV3 limits inline eval, but extension still uses dynamically built script via chrome.runtime.getURL + injected <script> — bypass-able by malicious site.
§ Where this technique fits
BX-MV3-CSP-BYPASS is catalogued under the Defense Evasion tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.