CVE-2016-1664
published 2016-05-14CVE-2016-1664: The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction…
medium4.3CVSS 3.0
AVNACLPRNUIRSUCNILAN
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome | <= 50.0.2661.87 | — | |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop_supplementary | — | — |
| redhat | enterprise_linux_server_supplementary | — | — |
| redhat | enterprise_linux_server_supplementary_eus | — | — |
| redhat | enterprise_linux_workstation_supplementary | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv4.3MEDIUM