Information Exposure Vulnerability in Google Chrome by Google
CVE-2016-1687

6.5MEDIUM

Key Information:

Vendor

Debian
Status
Debian Linux
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Vendor
CVE Published:
5 June 2016

What is CVE-2016-1687?

The renderer implementation in Google Chrome prior to version 51.0.2704.63 exhibits a flaw that fails to adequately restrict the public exposure of certain classes. This vulnerability can be exploited by remote attackers, enabling them to extract sensitive information through various vectors associated with Chrome extensions. Addressing this flaw is crucial for maintaining user privacy and data security.

References

https://codereview.chromium.org/1938123002
x_refsource_CONFIRM
https://crbug.com/603748
x_refsource_CONFIRM
https://codereview.chromium.org/1939833003
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.