CVE-2016-1696

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
googlechrome
𝑥
≤ 51.0.2704.63
debiandebian_linux
8.0
opensuseleap
42.1
opensuseopensuse
13.2
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
suselinux_enterprise
12.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
xenial
Fixed 51.0.2704.79-0ubuntu0.16.04.1.1242
released
wily
ignored
trusty
Fixed 51.0.2704.79-0ubuntu0.14.04.1.1121
released
precise
ignored
oxide-qt
xenial
not-affected
wily
not-affected
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
http://www.debian.org/security/2016/dsa-3594
http://www.securitytracker.com/id/1036026
https://access.redhat.com/errata/RHSA-2016:1201
https://codereview.chromium.org/1866103002
https://crbug.com/601073
http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
http://www.debian.org/security/2016/dsa-3594
http://www.securitytracker.com/id/1036026
https://access.redhat.com/errata/RHSA-2016:1201
https://codereview.chromium.org/1866103002
https://crbug.com/601073