CVE-2016-1629

CWE-26410 documents8 sources

Severity

9.8CRITICAL

EPSS

3.2%

top 12.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Debian Linux Novell Suse Package HUB FOR Suse Linux Enterprise +2 more

Timeline

PublishedFeb 21

Latest updateMay 14

Description

Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDgoogle/chrome48.0.2564.109

▶Ubuntuoxide-qt< 1.12.7-0ubuntu0.14.04.1

▶Ubuntuchromium-browser< 48.0.2564.116-0ubuntu0.14.04.1.1111

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-wmvx-5x24-hgvx: Google Chrome before 48↗2022-05-14

▶

OSV

oxide-qt vulnerability↗2016-02-23

▶

OSV

CVE-2016-1629: Google Chrome before 48↗2016-02-21

▶

CVEList

CVE-2016-1629: Google Chrome before 48↗2016-02-21

▶

💥Exploits & PoCs

Exploit-DB

iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free↗2019-01-25

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerability↗2016-02-23

▶

Red Hat

chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome↗2016-02-18

▶

💬Community

Bugzilla

CVE-2016-3658 libtiff: out-of-bounds read in the TIFFWriteDirectoryTagLongLong8Array function↗2016-04-12

▶

Bugzilla

CVE-2016-1629 chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome↗2016-02-19

▶