CVE-2016-1674

HIGH

Google Chrome <51.0.2704.63 - CSRF

Title source: llm

Description

The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Exploits (1)

github NO CODE 31 stars

by OpenSISE · cpoc

https://github.com/OpenSISE/CVE_PoC_Collect/tree/master/Browser/CVE-2016-1674

View Code ZIP pw:eip

References (10)

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035981

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2016:1190

[Issue Tracking] https://crbug.com/598165

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/90876

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3590

[Third Party Advisory] https://security.gentoo.org/glsa/201607-07

Scores

CVSS v3 8.8

EPSS 0.0150

EPSS Percentile 81.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (8)

debian/debian_linux 8.0

google/chrome < 50.0.2661.102

opensuse/leap 42.1

opensuse/opensuse 13.2

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_workstation 6.0

suse/linux_enterprise 12.0

Published Jun 05, 2016

Tracked Since Feb 18, 2026