CVE-2016-1696
HIGH
Google Chrome < 51.0.2704.79 - Same Origin Policy Bypass via Extensions Bindings
Title source: llm
Description
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
References (9)
Core References
Issue Tracking x_refsource_confirm
https://crbug.com/601073
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1201
Patch x_refsource_confirm
https://codereview.chromium.org/1866103002
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036026
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3594
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html
Scores
CVSS v3
8.8
EPSS
0.0145
EPSS Percentile
81.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-254
CWE-284
Status
published
Products (8)
debian/debian_linux
8.0
google/chrome
< 51.0.2704.63
opensuse/leap
42.1
opensuse/opensuse
13.2
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_workstation
6.0
suse/linux_enterprise
12.0
Published
Jun 05, 2016
Tracked Since
Feb 18, 2026