CVE-2016-1697

CWE-284 — Improper Access Control9 documents7 sources

Severity

8.8HIGH

EPSS

1.8%

top 17.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Canonical Ubuntu Linux Debian Debian Linux +6 more

Timeline

PublishedJun 5

Latest updateMay 14

Description

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶NVDgoogle/chrome51.0.2704.63

▶Ubuntuoxide-qt< 1.15.7-0ubuntu0.14.04.1+1

▶Ubuntuchromium-browser< 51.0.2704.79-0ubuntu0.14.04.1.1121+1

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Also affects: Debian Linux 8.0, Linux Enterprise 12.0, Ubuntu Linux 14.04, 15.10, 16.04

🔴Vulnerability Details

GHSA

GHSA-gqhx-qf2x-9ggq: The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader↗2022-05-14

▶

OSV

CVE-2016-1697: The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader↗2016-06-06

▶

CVEList

CVE-2016-1697: The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader↗2016-06-05

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-06-06

▶

Red Hat

chromium-browser: cross-origin bypass in blink↗2016-06-01

▶

💬Community

Bugzilla

CVE-2016-10140 zoneminder: Information disclosure and authentication bypass↗2017-01-17

▶

Bugzilla

CVE-2016-1697 chromium-browser: cross-origin bypass in blink↗2016-06-02

▶

Bugzilla

CVE-2016-2116 jasper: memory leak in jas_iccprof_createfrombuf()↗2016-03-03

▶