6903 matches found
Design/Logic Flaw
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp...
CVE-2016-1676
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2016-1692
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...
CVE-2016-1697
CVE-2016-1697 affects Google Chrome (Blink/WebKit) prior to 51.0.2704.79. The FrameLoader::startLoad path in FrameLoader.cpp does not prevent frame navigations during DocumentLoader detach, enabling a remote attacker to bypass the Same Origin Policy via crafted JavaScript. A patch was released in...
CVE-2016-1673
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2016-1696
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2016-1673
CVE-2016-1673 refers to a cross-origin bypass in Blink/WebKit used by Blink in Google Chrome prior to 51.0.2704.63. The connected sources confirm it is part of a set of Chromium/KChrome issues fixed in the 51.0.2704.63 release, with Debian indicating the fix is in chromium-browser 51.0.2704.63-1~...
CVE-2016-1696
CVE-2016-1696 affects Google Chrome prior to 51.0.2704.79, where the extensions subsystem did not properly restrict bindings access, enabling a cross-origin bypass of the Same Origin Policy via unspecified vectors. Multiple connected sources (Chromium security advisories and Debian/arch updates) ...
CVE-2016-1674
CVE-2016-1674 is a cross‑origin bypass vulnerability in Chrome/Chromium extensions bindings. The issue is described in the official Chrome security release notes for Chrome 51 (51.0.2704.63) and is listed among multiple CVEs fixed in that build. Debian security advisories also note fixes for chro...
CVE-2016-1692
CVE-2016-1692 concerns WebKit/Blink: StyleSheetContents.cpp in Blink, used by Google Chrome prior to 51.0.2704.63, allows a ServiceWorker to cause cross-origin loading of CSS stylesheets even when the stylesheet has an incorrect MIME type. This enables bypassing the Same Origin Policy via a craft...
CVE-2016-1676
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2016-1675
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp...
CVE-2016-1674
The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
CVE-2016-1672
The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...
CVE-2016-1697
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...
CVE-2016-1675
CVE-2016-1675 affects Google Chrome/Chromium up to 51.0.2704.63. It is a Same Origin Policy bypass in Blink/WebKit caused by mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp. The Chrome/Chromium 51 stable update (51.0.2704.63) fixes this and r...
CVE-2016-1676
CVE-2016-1676 affects Google Chrome/Chromium before 51.0.2704.63. The issue is a cross-origin bypass in extension bindings (bindings.js) caused by improper prototype handling in the extensions framework, enabling remote bypass of Same Origin Policy via unspecified vectors. Debian security advisor...
CVE-2016-1697
Removed by vendor...
CVE-2016-1674
Removed by vendor...
CVE-2016-1673
Removed by vendor...