CVE-2016-5173: Improper Access Control in Google Chrome

Severity: 7.1 HIGH (NVD)
EPSS: 0.7% (top 26.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 25
Latest update: May 14

Description

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.7

Affected Packages (1 package)

NVD: google/chrome 53.0.2785.101

🔴 Vulnerability Details (2)

GHSA
GHSA-cc38-973q-x8xv: The extensions subsystem in Google Chrome before 53 (2022-05-14)
OSV
CVE-2016-5173: The extensions subsystem in Google Chrome before 53 (2016-09-25)

📋 Vendor Advisories (1)

Red Hat
chromium-browser: extension resource access (2016-09-13)

💬 Community (2)

Bugzilla
CVE-2016-5173 chromium-browser: extension resource access (2016-09-14)
Bugzilla
CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173 CVE-2016-5174 CVE-2016-5175 chromium: various flaws [fedora-all] (2016-09-14)