Lucene search

K

ChromeCVELIST:CVE-2016-1710

HistoryJul 23, 2016 - 7:00 p.m.

CVE-2016-1710

2016-07-2319:00:00

Chrome

www.cve.org

4

AI Score

8.5

Confidence

High

EPSS

0.009

Percentile

83.2%

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

References

googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

rhn.redhat.com/errata/RHSA-2016-1485.html

www.debian.org/security/2016/dsa-3637

www.securityfocus.com/bid/92053

www.securitytracker.com/id/1036428

www.ubuntu.com/usn/USN-3041-1

codereview.chromium.org/2035973002/

crbug.com/616907

AI Score

8.5

Confidence

High

EPSS

0.009

Percentile

83.2%

Related for CVELIST:CVE-2016-1710

redhatcve1 ubuntucve1 debiancve1 cve1 prion1 nvd1 nessus10 ubuntu1 openvas10 archlinux1 redhat1 freebsd1 threatpost1 kaspersky1 suse4 mageia1 chrome1 debian2 osv1