What is CVE-2016-1658?

CVE-2016-1658 is a medium-severity vulnerability in Google Chrome, classified under Information Disclosure. CVSS score: 4.3/10. Published 2016-04-18.

How severe is CVE-2016-1658?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Information disclosure in Google Chrome

CVE-2016-1658

The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafte…

Vulnerability class: Information Disclosure

EPSS: 0.007 (72.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N.

Affected products

Google Chrome
Novell Suse_package_hub_for_suse_linux_enterprise — versions 12
Debian Debian_linux — versions 8.0
Opensuse Leap — versions 42.1
N/a — versions n/a

Weakness classification (CWE)

References

openSUSE-SU-2016:1136 (vendor-advisory, x_refsource_SUSE)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
openSUSE-SU-2016:1135 (vendor-advisory, x_refsource_SUSE)
RHSA-2016:0638 (x_refsource_REDHAT, vendor-advisory)
SUSE-SU-2016:1060 (vendor-advisory, x_refsource_SUSE)
DSA-3549 (vendor-advisory, x_refsource_DEBIAN)
openSUSE-SU-2016:1061 (vendor-advisory, x_refsource_SUSE)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
GLSA-201605-02 (vendor-advisory, x_refsource_GENTOO)
chrome-cve-admin@google.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2016-1658?: CVE-2016-1658 is a medium-severity vulnerability in Google Chrome, classified under Information Disclosure. CVSS score: 4.3/10. Published 2016-04-18.
How severe is CVE-2016-1658?: Medium severity. CVSS v3 base score is 4.3 out of 10.