CVE-2016-1696

Опубликовано: 01 июн. 2016

Источник: redhat

CVSS2: 6.8

EPSS Низкий

Описание

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1342001chromium-browser: cross-origin bypass in extension bindings

EPSS

Процентиль: 76%

0.00981

Низкий

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2016-1696

CVSS3: 8.8

ubuntu

больше 9 лет назад

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2016-1696

CVSS3: 8.8

nvd

больше 9 лет назад

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2016-1696

CVSS3: 8.8

debian

больше 9 лет назад

The extensions subsystem in Google Chrome before 51.0.2704.79 does not ...

GHSA-3r8m-9qvw-p5fw

CVSS3: 8.8

github

больше 3 лет назад

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

BDU:2016-01495

fstec

больше 9 лет назад

Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующую политику ограничения доступа

EPSS

Процентиль: 76%

0.00981

Низкий

6.8 Medium

CVSS2