CVE-2016-1656 — Improper Access Control in Google Chrome

CWE-284 — Improper Access Control8 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Opensuse Leap Suse Linux Enterprise

Timeline

PublishedApr 18

Latest updateMay 14

Description

The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/chrome49.0.2623.112

▶NVDopensuse/leap42.1

Also affects: Linux Enterprise 12.0

🔴Vulnerability Details

GHSA

GHSA-g375-749q-973m: The download implementation in Google Chrome before 50↗2022-05-14

▶

CVEList

CVE-2016-1656: The download implementation in Google Chrome before 50↗2016-04-18

▶

OSV

CVE-2016-1656: The download implementation in Google Chrome before 50↗2016-04-18

▶

📋Vendor Advisories

Red Hat

chromium-browser: android downloaded file path restriction bypass↗2016-04-13

▶

💬Community

Bugzilla

CVE-2016-1656 chromium-browser: android downloaded file path restriction bypass↗2016-04-14

▶

Bugzilla

CVE-2016-2193 postgresql: row security policies in prepared statements disregard user ID changes↗2016-03-21

▶

Bugzilla

CVE-2016-3065 postgresql: memory disclosure in pageinspect functions↗2016-03-21

▶