CVE-2016-1700

6 documents6 sources
Severity
7.5HIGH
EPSS
2.0%
top 16.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Google ChromeDebian Debian LinuxOpensuse Leap+5 more
Timeline
PublishedJun 5
Latest updateMay 14

Description

extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages7 packages

NVDgoogle/chrome51.0.2704.63
Ubuntuchromium-browser< 51.0.2704.79-0ubuntu0.14.04.1.1121+1
NVDopensuse/leap42.1

Also affects: Debian Linux 8.0, Linux Enterprise 12.0

🔴Vulnerability Details

3
GHSA
GHSA-m2cf-78xh-gv6m: extensions/renderer/runtime_custom_bindings2022-05-14
CVEList
CVE-2016-1700: extensions/renderer/runtime_custom_bindings2016-06-05
OSV
CVE-2016-1700: extensions/renderer/runtime_custom_bindings2016-06-05

📋Vendor Advisories

1
Red Hat
chromium-browser: use-after-free in extensions2016-06-01

💬Community

1
Bugzilla
CVE-2016-1700 chromium-browser: use-after-free in extensions2016-06-02
CVE-2016-1700 (HIGH CVSS 7.5) | extensions/renderer/runtime_custom_ | cvebase.io