CVE-2016-1687
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.4%
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.
Affected configurations
References
googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
www.debian.org/security/2016/dsa-3590
www.securityfocus.com/bid/90876
www.securitytracker.com/id/1035981
access.redhat.com/errata/RHSA-2016:1190
codereview.chromium.org/1938123002
codereview.chromium.org/1939833003
crbug.com/603748
security.gentoo.org/glsa/201607-07
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.4%