Exploitation Summary
EIP tracks 1 public exploit for CVE-2016-1674. PoCs published by OpenSISE.
Description
The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Exploits (1)
github
NO CODE
31 stars
by OpenSISE · cpoc
https://github.com/OpenSISE/CVE_PoC_Collect/tree/master/Browser/CVE-2016-1674
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/90876
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3590
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201607-07
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035981
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1190
Issue Tracking x_refsource_confirm
https://crbug.com/598165
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
Scores
CVSS v3
8.8
EPSS
0.0164
EPSS Percentile
73.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (8)
debian/debian_linux
8.0
google/chrome
< 50.0.2661.102
opensuse/leap
42.1
opensuse/opensuse
13.2
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_workstation
6.0
suse/linux_enterprise
12.0
Published
Jun 05, 2016
Tracked Since
Feb 18, 2026