Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-1698
HistoryJun 05, 2016 - 12:00 a.m.

CVE-2016-1698

2016-06-0500:00:00
ubuntu.com
ubuntu.com
10

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

73.6%

The createCustomType function in extensions/renderer/resources/binding.js
in the extension bindings in Google Chrome before 51.0.2704.79 does not
validate module types, which might allow attackers to load arbitrary
modules or obtain sensitive information by leveraging a poisoned
definition.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchchromium-browser< 51.0.2704.79-0ubuntu0.14.04.1.1121UNKNOWN
ubuntu16.04noarchchromium-browser< 51.0.2704.79-0ubuntu0.16.04.1.1242UNKNOWN

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

73.6%