CVE-2016-1658

The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2016-04-18 03:59

Updated : 2018-10-30 09:27


NVD link : CVE-2016-1658

Mitre link : CVE-2016-1658


JSON object : View

CWE
CWE-284

Improper Access Control

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

novell

  • suse_package_hub_for_suse_linux_enterprise

google

  • chrome

opensuse

  • leap