CVE-2016-1656

HIGH

Google Chrome <50.0.2661.75 - Open Redirect

Title source: llm

Description

The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.

Exploits (1)

github WORKING POC 31 stars

by OpenSISE · cpoc

https://github.com/OpenSISE/CVE_PoC_Collect/tree/master/Browser/CVE-2016-1656

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-0638.html

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html

[Issue Tracking] https://crbug.com/570750

[Third Party Advisory] https://security.gentoo.org/glsa/201605-02

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html

Scores

CVSS v3 7.5

EPSS 0.0040

EPSS Percentile 61.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-284

Status published

Products (3)

google/chrome < 49.0.2623.112

opensuse/leap 42.1

suse/linux_enterprise 12.0

Published Apr 18, 2016

Tracked Since Feb 18, 2026