CVE-2016-5168
HIGHGoogle Chrome < 50.0.2661.91 - Same Origin Policy Bypass via Skia
Title source: llmDescription
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
https://www.contextis.com//documents/2/Browser_Timing_Attacks.pdf
Issue Tracking x_refsource_confirm
https://bugs.chromium.org/p/chromium/issues/detail?id=586820
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/89106
Release Notes, Vendor Advisory x_refsource_confirm
https://chromereleases.googleblog.com/2016/04/stable-channel-update_28.html
Scores
CVSS v3
7.5
EPSS
0.0171
EPSS Percentile
74.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-346
Status
published
Products (1)
google/chrome
< 50.0.2661.91
Published
Apr 21, 2017
Tracked Since
Feb 18, 2026