CVE-2016-5217Improper Access Control in Google Chrome

CWE-284Improper Access Control6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJan 19
Latest updateMay 14

Description

The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDgoogle/chrome54.0.2840.99

🔴Vulnerability Details

2
GHSA
GHSA-g2xq-29jh-wv3h: The extensions API in Google Chrome prior to 552022-05-14
OSV
CVE-2016-5217: The extensions API in Google Chrome prior to 552017-01-19

📋Vendor Advisories

1
Red Hat
chromium-browser: use of unvalidated data in pdfium2016-12-01

💬Community

2
Bugzilla
CVE-2016-5217 chromium-browser: use of unvalidated data in pdfium2016-12-02
Bugzilla
chromium: various flaws [fedora-all]2016-12-02