CVE-2016-1616Google Chrome vulnerability

CWE-2545 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
1.2%
top 21.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 25
Latest updateMay 17

Description

The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDgoogle/chrome47.0.2526.106

🔴Vulnerability Details

2
GHSA
GHSA-www5-9vg5-jcq3: The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button2022-05-17
OSV
CVE-2016-1616: The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button2016-01-25

📋Vendor Advisories

1
Red Hat
chromium-browser: various fixes from internal audits2016-01-20

💬Community

1
Bugzilla
CVE-2016-1616 chromium-browser: various fixes from internal audits2016-01-22