CVE-2016-1632 — Google Chrome vulnerability

CWE-2646 documents5 sources

Severity

8.8HIGHNVD

EPSS

1.2%

top 21.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedMar 6

Latest updateMay 17

Description

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDgoogle/chrome48.0.2564.116

🔴Vulnerability Details

GHSA

GHSA-ffm3-7v29-m7x8: The Extensions subsystem in Google Chrome before 49↗2022-05-17

▶

OSV

CVE-2016-1632: The Extensions subsystem in Google Chrome before 49↗2016-03-06

▶

📋Vendor Advisories

Red Hat

chromium-browser: bad cast in Extensions↗2016-03-02

▶

💬Community

Bugzilla

CVE-2016-3658 libtiff: out-of-bounds read in the TIFFWriteDirectoryTagLongLong8Array function↗2016-04-12

▶

Bugzilla

CVE-2016-1632 chromium-browser: bad cast in Extensions↗2016-03-03

▶