Lucene search

[email protected]CVE-2016-1706

HistoryJul 23, 2016 - 7:59 p.m.

CVE-2016-1706

2016-07-2319:59:00

CWE-20

[email protected]

web.nvd.nist.gov

google chrome

ppapi

implementation

vulnerability

sandbox protection

bypass

remote attackers

cve-2016-1706

nvd

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.4%

JSON

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.

CPENameOperatorVersion
google:chromegoogle chromele51.0.2704.106

CPE	Name	Operator	Version
google:chrome	google chrome	le	51.0.2704.106

References

googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

rhn.redhat.com/errata/RHSA-2016-1485.html

www.debian.org/security/2016/dsa-3637

www.securitytracker.com/id/1036428

www.ubuntu.com/usn/USN-3041-1

codereview.chromium.org/2069853002/

crbug.com/610600

Social References

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.4%

JSON

Related for CVE-2016-1706

redhatcve1 ubuntucve1 debiancve1 prion1 nessus10 ubuntu1 openvas9 threatpost1 redhat1 freebsd1 archlinux1 suse4 chrome1 mageia1 kaspersky1 osv1 debian2