CVE-2016-5135

EUVD-2016-6086

23.07.2016, 19:59

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Affected Products (NVD)

Vendor	Product	Version
google	chrome	𝑥 ≤ 51.0.2704.106

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

precise	ignored
trusty	Fixed 52.0.2743.116-0ubuntu0.14.04.1.1134 released
wily	ignored
xenial	Fixed 52.0.2743.116-0ubuntu0.16.04.1.1250 released
yakkety	Fixed 53.0.2785.143-0ubuntu1.1307 released

oxide-qt

precise	dne
trusty	Fixed 1.16.5-0ubuntu0.14.04.1 released
wily	ignored
xenial	Fixed 1.16.5-0ubuntu0.16.04.1 released
yakkety	Fixed 1.16.7-0ubuntu1 released

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

http://rhn.redhat.com/errata/RHSA-2016-1485.html

http://www.debian.org/security/2016/dsa-3637

http://www.securityfocus.com/bid/92053

http://www.securitytracker.com/id/1036428

http://www.ubuntu.com/usn/USN-3041-1

https://codereview.chromium.org/1913983002

https://crbug.com/605451

https://security.gentoo.org/glsa/201610-09

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

http://rhn.redhat.com/errata/RHSA-2016-1485.html

http://www.debian.org/security/2016/dsa-3637

http://www.securityfocus.com/bid/92053

http://www.securitytracker.com/id/1036428

http://www.ubuntu.com/usn/USN-3041-1

https://codereview.chromium.org/1913983002

https://crbug.com/605451

https://security.gentoo.org/glsa/201610-09