Prototype Misuse in Google Chrome Allows Bypass of Security Policies
CVE-2016-1676

8.8HIGH

Key Information:

Vendor
Debian
Status
Debian Linux
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Vendor
CVE Published:
5 June 2016

Summary

In Google Chrome before version 51.0.2704.63, a vulnerability exists in the extension bindings which improperly handles prototypes, potentially allowing remote attackers to circumvent the Same Origin Policy. This bypass can lead to unauthorized access to data across different domains, posing significant security risks to users. Keeping your browser up to date is essential to mitigating this issue and ensuring secure web browsing.

References

http://www.securityfocus.com/bid/90876
vdb-entryx_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://www.securitytracker.com/id/1035981
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.