CVE-2016-1697

HIGH

WebKit/Blink <51.0.2704.79 - SSRF

Title source: llm

Description

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

Exploits (1)

github NO CODE 31 stars

by OpenSISE · cpoc

https://github.com/OpenSISE/CVE_PoC_Collect/tree/master/Browser/CVE-2016-1697.html

View Code ZIP pw:eip

References (10)

[Patch] https://codereview.chromium.org/2021373003

[Issue Tracking] https://crbug.com/613266

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036026

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2992-1

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2016:1201

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3594

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html

Scores

CVSS v3 8.8

EPSS 0.0184

EPSS Percentile 83.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-284

Status published

Products (11)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 15.10

canonical/ubuntu_linux 16.04

debian/debian_linux 8.0

google/chrome < 51.0.2704.63

opensuse/leap 42.1

opensuse/opensuse 13.2

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_workstation 6.0

... and 1 more

Published Jun 05, 2016

Tracked Since Feb 18, 2026