Vulnerability in Google Chrome Extensions Allows Bypass of Same Origin Policy
CVE-2016-1658
4.3MEDIUM
Key Information:
- Vendor
Novell
- Vendor
- CVE Published:
- 18 April 2016
What is CVE-2016-1658?
The Extensions subsystem in specific versions of Google Chrome has a weakness in how it handles origin comparisons via the GetOrigin method. This issue allows remote attackers to potentially bypass the Same Origin Policy, thus gaining unauthorized access to sensitive information through cleverly crafted browser extensions. Users of affected versions should consider updating their browser to mitigate this vulnerability.