The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
chrome | le | 49.0.2623.112 | |
suse_package_hub_for_suse_linux_enterprise | eq | 12 | |
leap | eq | 42.1 |
lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html
rhn.redhat.com/errata/RHSA-2016-0638.html
www.debian.org/security/2016/dsa-3549
codereview.chromium.org/1658913002
crbug.com/573317
googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
security.gentoo.org/glsa/201605-02