Описание
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-1696
- https://access.redhat.com/errata/RHSA-2016:1201
- https://codereview.chromium.org/1866103002
- https://crbug.com/601073
- http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
- http://www.debian.org/security/2016/dsa-3594
- http://www.securitytracker.com/id/1036026
Связанные уязвимости
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
The extensions subsystem in Google Chrome before 51.0.2704.79 does not ...
Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующую политику ограничения доступа