CVE-2016-5137

MEDIUM

Google Chrome < 51.0.2704.106 - Information Disclosure

Title source: rule

Description

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.

References (13)

[Patch] https://codereview.chromium.org/2125873003

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-1485.html

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036428

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3041-1

[Issue Tracking] https://crbug.com/625945

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92053

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3637

[Third Party Advisory] https://security.gentoo.org/glsa/201610-09

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

Scores

CVSS v3 4.3

EPSS 0.0101

EPSS Percentile 76.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (1)

google/chrome < 51.0.2704.106

Timeline

Published Jul 23, 2016

Tracked Since Feb 18, 2026