CVE-2016-1687

CWE-200 — Information Exposure7 documents6 sources

Severity

6.5MEDIUM

EPSS

2.2%

top 15.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Debian Linux Opensuse Leap +5 more

Timeline

PublishedJun 5

Latest updateMay 14

Description

The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶NVDgoogle/chrome50.0.2661.102

▶Ubuntuchromium-browser< 51.0.2704.79-0ubuntu0.14.04.1.1121+1

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

▶NVDredhat/enterprise_linux_server6.0

Also affects: Debian Linux 8.0, Linux Enterprise 12.0

🔴Vulnerability Details

GHSA

GHSA-89h7-p99q-pwx5: The renderer implementation in Google Chrome before 51↗2022-05-14

▶

CVEList

CVE-2016-1687: The renderer implementation in Google Chrome before 51↗2016-06-05

▶

OSV

CVE-2016-1687: The renderer implementation in Google Chrome before 51↗2016-06-05

▶

📋Vendor Advisories

Red Hat

chromium-browser: information leak in extensions↗2016-05-25

▶

💬Community

Bugzilla

CVE-2016-1687 chromium-browser: information leak in extensions↗2016-05-26

▶

Bugzilla

CVE-2016-2116 jasper: memory leak in jas_iccprof_createfrombuf()↗2016-03-03

▶