CVE-2016-5144: Improper Access Control in Google Chrome

Severity
NVD: 9.8 CRITICAL
OSV: 7.5
EPSS
1.4%
top 19.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 7
Latest update: May 17

Description

The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

NVD: google/chrome 52.0.2743.82

🔴 Vulnerability Details (5)

GHSA
GHSA-9mg3-5jw3-fgp2: The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52 | 2022-05-17
GHSA
GHSA-w2gg-cp64-r9xq: The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52 | 2022-05-17
OSV
oxide-qt vulnerabilities | 2016-09-14
OSV
CVE-2016-5143: The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52 | 2016-08-07
OSV
CVE-2016-5144: The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52 | 2016-08-07

📋 Vendor Advisories (3)

Ubuntu
Oxide vulnerabilities | 2016-09-14
Red Hat
chromium-browser: Parameter sanitization failure in DevTools | 2016-08-03
Red Hat
chromium-browser: Parameter sanitization failure in DevTools | 2016-08-03

💬 Community (1)

Bugzilla
CVE-2016-5144 chromium-browser: Parameter sanitization failure in DevTools | 2016-08-04