Lucene search

K

ChromeCVELIST:CVE-2016-1623

HistoryFeb 14, 2016 - 2:00 a.m.

CVE-2016-1623

2016-02-1402:00:00

Chrome

www.cve.org

8.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.7%

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.

References

googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html

lists.opensuse.org/opensuse-updates/2016-02/msg00104.html

lists.opensuse.org/opensuse-updates/2016-02/msg00119.html

rhn.redhat.com/errata/RHSA-2016-0241.html

www.debian.org/security/2016/dsa-3486

www.securityfocus.com/bid/83125

www.securitytracker.com/id/1035183

www.ubuntu.com/usn/USN-2895-1

code.google.com/p/chromium/issues/detail?id=577105

codereview.chromium.org/1659013003

security.gentoo.org/glsa/201603-09

8.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.7%

Related for CVELIST:CVE-2016-1623

cve1 prion1 debiancve1 nvd1 ubuntucve1 seebug1 nessus10 openvas8 ubuntu1 freebsd1 redhat1 kaspersky1 chrome1 debian2 osv1 mageia1 gentoo1