CVE-2016-1658

The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
opensuseleap
42.1
googlechrome
𝑥
≤ 49.0.2623.112
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
xenial
Fixed 50.0.2661.102-0ubuntu0.16.04.1.1237
released
wily
Fixed 50.0.2661.102-0ubuntu0.15.10.1.1227
released
trusty
Fixed 50.0.2661.102-0ubuntu0.14.04.1.1117
released
precise
ignored
oxide-qt
xenial
not-affected
wily
not-affected
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html
http://rhn.redhat.com/errata/RHSA-2016-0638.html
http://www.debian.org/security/2016/dsa-3549
https://codereview.chromium.org/1658913002
https://crbug.com/573317
https://security.gentoo.org/glsa/201605-02
http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html
http://rhn.redhat.com/errata/RHSA-2016-0638.html
http://www.debian.org/security/2016/dsa-3549
https://codereview.chromium.org/1658913002
https://crbug.com/573317
https://security.gentoo.org/glsa/201605-02