Google Chrome's Extensions Subsystem Vulnerability Allows Same Origin Policy Bypass
CVE-2016-1674

8.8HIGH

Key Information:

Vendor

Debian
Status
Debian Linux
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Vendor
CVE Published:
5 June 2016

What is CVE-2016-1674?

The extensions subsystem in Google Chrome prior to version 51.0.2704.63 has a security flaw that enables remote attackers to bypass the Same Origin Policy. This vulnerability can allow malicious actors to exploit the browser's handling of extensions, potentially leading to unauthorized access to sensitive data across different domains. Users of affected versions are encouraged to update their software to mitigate the risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/90876
vdb-entryx_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://www.securitytracker.com/id/1035981
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.