Vulnerability in Google Chrome
CVE-2016-1675
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
EPSS: 0.012 (79.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Google Chrome
- Canonical Ubuntu_linux — versions 14.04, 15.10, 16.04
- Debian Debian_linux — versions 8.0
- Opensuse Leap — versions 42.1
- Opensuse — versions 13.2
- Redhat Enterprise_linux_desktop — versions 6.0
- Redhat Enterprise_linux_server — versions 6.0
- Redhat Enterprise_linux_workstation — versions 6.0
- Suse Linux_enterprise — versions 12.0
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- chrome-cve-admin@google.com (x_refsource_CONFIRM)
- 90876 (vdb-entry, x_refsource_BID)
- chrome-cve-admin@google.com (x_refsource_CONFIRM)
- openSUSE-SU-2016:1496 (vendor-advisory, x_refsource_SUSE)
- 1035981 (vdb-entry, x_refsource_SECTRACK)
- DSA-3590 (vendor-advisory, x_refsource_DEBIAN)
- chrome-cve-admin@google.com (x_refsource_CONFIRM)
- USN-2992-1 (x_refsource_UBUNTU, vendor-advisory)
- openSUSE-SU-2016:1430 (vendor-advisory, x_refsource_SUSE)
- RHSA-2016:1190 (x_refsource_REDHAT, vendor-advisory)
Frequently asked questions
- What is CVE-2016-1675?
- CVE-2016-1675 is a high-severity vulnerability in Google Chrome, classified under Improper Access Control. CVSS score: 8.8/10. Published 2016-06-05.
- How severe is CVE-2016-1675?
- High severity. CVSS v3 base score is 8.8 out of 10.
- Is CVE-2016-1675 known to be exploited?
- 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.