Lucene search

K

ChromeCVELIST:CVE-2016-1693

HistoryJun 05, 2016 - 11:00 p.m.

CVE-2016-1693

2016-06-0523:00:00

Chrome

www.cve.org

6

AI Score

6

Confidence

High

EPSS

0.002

Percentile

60.4%

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session.

References

googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html

www.debian.org/security/2016/dsa-3590

www.securityfocus.com/bid/90876

www.securitytracker.com/id/1035981

access.redhat.com/errata/RHSA-2016:1190

codereview.chromium.org/1919043002

crbug.com/598752

security.gentoo.org/glsa/201607-07

AI Score

6

Confidence

High

EPSS

0.002

Percentile

60.4%

Related for CVELIST:CVE-2016-1693

ubuntucve1 prion1 redhatcve1 cve1 debiancve1 nvd1 freebsd1 nessus8 kaspersky1 threatpost1 archlinux1 suse3 openvas7 gentoo1 chrome1 redhat1 debian2 osv1