CVE-2016-1675

CWE-284Improper Access Control8 documents7 sources
Severity
8.8HIGH
EPSS
1.2%
top 21.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Google ChromeCanonical Ubuntu LinuxDebian Debian Linux+6 more
Timeline
PublishedJun 5
Latest updateMay 14

Description

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

NVDgoogle/chrome50.0.2661.102
Ubuntuoxide-qt< 1.15.7-0ubuntu0.14.04.1+1
Ubuntuchromium-browser< 51.0.2704.79-0ubuntu0.14.04.1.1121+1
NVDopensuse/leap42.1

Also affects: Debian Linux 8.0, Linux Enterprise 12.0, Ubuntu Linux 14.04, 15.10, 16.04

🔴Vulnerability Details

4
GHSA
GHSA-56h9-jw82-669x: Blink, as used in Google Chrome before 512022-05-14
OSV
oxide-qt vulnerabilities2016-06-06
CVEList
CVE-2016-1675: Blink, as used in Google Chrome before 512016-06-05
OSV
CVE-2016-1675: Blink, as used in Google Chrome before 512016-05-31

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-06-06
Red Hat
chromium-browser: cross-origin bypass in blink2016-05-25

💬Community

1
Bugzilla
CVE-2016-1675 chromium-browser: cross-origin bypass in blink2016-05-26
CVE-2016-1675 (HIGH CVSS 8.8) | cvebase.io