Arbitrary Module Loading Vulnerability in Google Chrome by Google
CVE-2016-1698

6.5MEDIUM

Key Information:

Vendor
Debian
Status
Debian Linux
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Vendor
CVE Published:
5 June 2016

Summary

The createCustomType function found in Google Chrome versions prior to 51.0.2704.79 has a flaw in its validation of module types. This vulnerability enables attackers to potentially load arbitrary modules or gain unauthorized access to sensitive information by exploiting a compromised definition. This issue can lead to various security ramifications, emphasizing the importance of updating the browser to mitigate potential risks.

References

http://googlechromereleases.blogspot.com/2016/06/stable-c...
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1201
vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1036026
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.