CVE-2016-1671Path Traversal in Google Chrome

CWE-22Path Traversal5 documents5 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 57.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedMay 14
Latest updateMay 17

Description

Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

NVDgoogle/chrome50.0.2661.87

🔴Vulnerability Details

2
GHSA
GHSA-pv9g-c5hj-738x: Google Chrome before 502022-05-17
OSV
CVE-2016-1671: Google Chrome before 502016-05-14

📋Vendor Advisories

1
Red Hat
chromium-browser: directory traversal using the file scheme on android2016-05-11

💬Community

1
Bugzilla
CVE-2016-1671 chromium-browser: directory traversal using the file scheme on android2016-05-12