CVE-2016-1676

CWE-284Improper Access Control6 documents6 sources
Severity
8.8HIGH
EPSS
1.5%
top 18.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Google ChromeDebian Debian LinuxOpensuse Leap+5 more
Timeline
PublishedJun 5
Latest updateMay 14

Description

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

NVDgoogle/chrome50.0.2661.102
Ubuntuchromium-browser< 51.0.2704.79-0ubuntu0.14.04.1.1121+1
NVDopensuse/leap42.1

Also affects: Debian Linux 8.0, Linux Enterprise 12.0

🔴Vulnerability Details

3
GHSA
GHSA-x2rc-63p9-cxrv: extensions/renderer/resources/binding2022-05-14
CVEList
CVE-2016-1676: extensions/renderer/resources/binding2016-06-05
OSV
CVE-2016-1676: extensions/renderer/resources/binding2016-06-05

📋Vendor Advisories

1
Red Hat
chromium-browser: cross-origin bypass in extension bindings2016-05-25

💬Community

1
Bugzilla
CVE-2016-1676 chromium-browser: cross-origin bypass in extension bindings2016-05-26
CVE-2016-1676 (HIGH CVSS 8.8) | extensions/renderer/resources/bindi | cvebase.io