CVE-2016-5132 — Google Chrome vulnerability

CWE-2547 documents6 sources

Severity

8.8HIGHNVD

EPSS

1.6%

top 18.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJul 23

Latest updateMay 17

Description

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDgoogle/chrome51.0.2704.106

🔴Vulnerability Details

GHSA

GHSA-682g-9hxq-jvvv: The Service Workers subsystem in Google Chrome before 52↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2016-08-05

▶

OSV

CVE-2016-5132: The Service Workers subsystem in Google Chrome before 52↗2016-07-23

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-08-05

▶

Red Hat

chromium-browser: limited same-origin bypass in service workers↗2016-07-20

▶

💬Community

Bugzilla

CVE-2016-5132 chromium-browser: limited same-origin bypass in service workers↗2016-07-21

▶