The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.
References
Information
Published : 2016-02-13 18:59
Updated : 2018-10-30 09:27
NVD link : CVE-2016-1625
Mitre link : CVE-2016-1625
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
debian
- debian_linux
- chrome
opensuse
- opensuse