CVE-2016-1638Improper Access Control in Google Chrome

CWE-284Improper Access Control5 documents5 sources
Severity
6.3MEDIUMNVD
EPSS
0.8%
top 26.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedMar 6
Latest updateMay 17

Description

extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages1 packages

NVDgoogle/chrome48.0.2564.116

🔴Vulnerability Details

2
GHSA
GHSA-4pq7-5p7q-5pv5: extensions/renderer/resources/platform_app2022-05-17
OSV
CVE-2016-1638: extensions/renderer/resources/platform_app2016-03-06

📋Vendor Advisories

1
Red Hat
chromium-browser: WebAPI Bypass2016-03-02

💬Community

1
Bugzilla
CVE-2016-1638 chromium-browser: WebAPI Bypass2016-03-03