CVE-2016-1673

HIGH

Google Chrome <51.0.2704.63 - CSRF

Title source: llm

Description

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Exploits (1)

github NO CODE 31 stars

by OpenSISE · cpoc

https://github.com/OpenSISE/CVE_PoC_Collect/tree/master/Browser/CVE-2016-1673

View Code ZIP pw:eip

References (11)

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035981

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2992-1

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2016:1190

[Issue Tracking] https://crbug.com/597532

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/90876

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3590

[Third Party Advisory] https://security.gentoo.org/glsa/201607-07

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html

Scores

CVSS v3 8.8

EPSS 0.0153

EPSS Percentile 81.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (11)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 15.10

canonical/ubuntu_linux 16.04

debian/debian_linux 8.0

google/chrome < 50.0.2661.102

opensuse/leap 42.1

opensuse/opensuse 13.2

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_workstation 6.0

... and 1 more

Published Jun 05, 2016

Tracked Since Feb 18, 2026