CVE-2016-1706
CRITICALGoogle Chrome < 51.0.2704.106 - Sandbox Bypass via PPAPI IPC Message Origin Spoofing
Title source: llmDescription
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.
References (11)
Core 11
Core References
Patch x_refsource_confirm
https://codereview.chromium.org/2069853002/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3041-1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
Issue Tracking x_refsource_confirm
https://crbug.com/610600
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1485.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036428
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3637
Scores
CVSS v3
9.6
EPSS
0.0246
EPSS Percentile
82.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
google/chrome
< 51.0.2704.106
Published
Jul 23, 2016
Tracked Since
Feb 18, 2026