Cross-Site Scripting Vulnerability in Google Chrome Extensions
CVE-2016-1652

6.1MEDIUM

Key Information:

Vendor

Debian
Status
Debian Linux
Linux Enterprise
Leap
Vendor
CVE Published:
18 April 2016

What is CVE-2016-1652?

A cross-site scripting (XSS) vulnerability was identified in the ModuleSystem::RequireForJsInner function within the Extensions subsystem of Google Chrome prior to version 50.0.2661.75. This flaw allows remote attackers to inject arbitrary web scripts or HTML content through specially crafted websites, leading to potential unauthorized actions on behalf of users. Effective mitigation requires updating to the latest version of Google Chrome to eliminate the risks associated with this vulnerability.

References

http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0638.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.