CVE-2016-5206: Improper Access Control in Google Chrome

Severity
8.8 HIGH (NVD)
EPSS
0.3%
top 48.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 19
Latest update: May 14

Description

The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: google/chrome 54.0.2840.99

🔴 Vulnerability Details (2)

GHSA
GHSA-7mq4-q26p-5pj7: The PDF plugin in Google Chrome prior to 55 (2022-05-14)
OSV
CVE-2016-5206: The PDF plugin in Google Chrome prior to 55 (2017-01-19)

📋 Vendor Advisories (1)

Red Hat
chromium-browser: same-origin bypass in pdfium (2016-12-01)

💬 Community (3)

Bugzilla
Cross-origin information leakage via redirected PDF requests (2020-12-22)
Bugzilla
chromium: various flaws [fedora-all] (2016-12-02)
Bugzilla
CVE-2016-5206 chromium-browser: same-origin bypass in pdfium (2016-12-02)