Kaspersky Online Security interferes with Google reCAPTCHA's (or in general Google's) CSP header
Reported by tanyalci...@gmail.com, Jan 17 (5 days ago)
Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce the problem:
1. Have a recent version of Kaspersky Internet Security (I have 19.0.0.1088(d))
2. Go to https://www.google.com/recaptcha/api2/demo
3. Open inspector to observe the CSP error

What is the expected behavior?
- There should not be a violation of Content Security Policy.
- I have already contacted Kaspersky Support from Twitter; they responded and said they are working on it. But it is taking deceptively long for an issue like this. I'm not sure if they contacted you about it.

What went wrong?
I'm not sure, but I guess the new "script-dynamic" directive negates host-based whitelisting, which is already included as "https://gc.kis.v2.scr.kaspersky-labs.com wss://gc.kis.v2.scr.kaspersky-labs.com". So the net effect is as if the JavaScript source is loaded from an unauthorized address.

Did this work before? N/A

Chrome version: 71.0.3578.98 Channel: stable
OS Version: 6.3
Flash Version:

I could have given an example from my own projects, but I guess giving the https://www.google.com/recaptcha/api2/demo example is sufficient.

For those who want the entire error thrown:

<<<ERROR>>>
Refused to load the script 'https://gc.kis.v2.scr.kaspersky-labs.com/0FE6D860-C840-B14E-8169-52D490BF4243/main.js' because it violates the following Content Security Policy directive: "script-src 'report-sample' 'nonce-NTJ0Apuu4981AE2Uzv6ZqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' https://gc.kis.v2.scr.kaspersky-labs.com wss://gc.kis.v2.scr.kaspersky-labs.com". 'strict-dynamic' is present, so host-based whitelisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
<<<ERROR>>>
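Added example (not part of the original report and not Chrome's code): a simplified model of the script-src check behind the error above, run against the directive and URL quoted in the report. The function names parseScriptSrc and checkExternalScript are hypothetical, and the injected script is assumed to be a parser-inserted element without a nonce.

```javascript
// Simplified model of the CSP3 script-src check for an external <script>.
// Assumptions: only scheme-sources and scheme://host sources are matched;
// wildcards, ports, paths, hashes and 'self' are left out.
// parseScriptSrc / checkExternalScript are hypothetical names for this example.
function parseScriptSrc(directive) {
  const tokens = directive.trim().split(/\s+/);
  if (tokens.shift() !== 'script-src') throw new Error('not a script-src directive');
  const list = { nonces: new Set(), schemes: new Set(), hosts: new Set(), strictDynamic: false };
  for (const t of tokens) {
    const nonce = /^'nonce-(.+)'$/.exec(t);
    if (nonce) list.nonces.add(nonce[1]);
    else if (t.toLowerCase() === "'strict-dynamic'") list.strictDynamic = true;
    else if (/^[a-z][a-z0-9+.-]*:$/i.test(t)) list.schemes.add(t.toLowerCase());
    else if (/^[a-z][a-z0-9+.-]*:\/\//i.test(t)) list.hosts.add(t.toLowerCase());
    // 'unsafe-inline', 'unsafe-eval' and 'report-sample' do not decide
    // whether an external script URL may load, so they are skipped.
  }
  return list;
}

function checkExternalScript(directive, { url, nonce = null, parserInserted = true }) {
  const list = parseScriptSrc(directive);
  if (nonce !== null && list.nonces.has(nonce)) return { allowed: true, reason: 'nonce' };
  if (list.strictDynamic) {
    // Host- and scheme-sources are ignored here. A script loads only with a
    // valid nonce or when it is not parser-inserted (added by running script).
    return parserInserted
      ? { allowed: false, reason: 'strict-dynamic ignores host/scheme sources' }
      : { allowed: true, reason: 'strict-dynamic trust propagation' };
  }
  const u = new URL(url);
  if (list.schemes.has(u.protocol)) return { allowed: true, reason: 'scheme-source' };
  if (list.hosts.has(u.origin)) return { allowed: true, reason: 'host-source' };
  return { allowed: false, reason: 'no matching source' };
}

// Directive and URL as quoted in the report's error message.
const REPORTED_POLICY = "script-src 'report-sample' 'nonce-NTJ0Apuu4981AE2Uzv6ZqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' https://gc.kis.v2.scr.kaspersky-labs.com wss://gc.kis.v2.scr.kaspersky-labs.com";
const INJECTED_URL = 'https://gc.kis.v2.scr.kaspersky-labs.com/0FE6D860-C840-B14E-8169-52D490BF4243/main.js';
// Constructed variant for comparison: same directive without 'strict-dynamic'.
const WITHOUT_STRICT_DYNAMIC = REPORTED_POLICY.replace(" 'strict-dynamic'", '');

console.log(checkExternalScript(REPORTED_POLICY, { url: INJECTED_URL }));
console.log(checkExternalScript(WITHOUT_STRICT_DYNAMIC, { url: INJECTED_URL }));
```

In this model, appending a host to a policy that already carries 'strict-dynamic' changes nothing for a parser-inserted script; only the page's nonce would let it load.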
Comment 1 by vamshi.kommuri@chromium.org, Jan 17 (5 days ago)