
CVE-2016-5173
Date: (C)2016-09-26   (M)2023-12-22


The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.1
Exploit Score: 2.8
Impact Score: 3.7

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: LOW

CVSS V2 Severity:
CVSS Score: 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:
-1036826
-92942
DSA-3667
GLSA-201610-09
RHSA-2016:1905
https://codereview.chromium.org/1840453002
https://crbug.com/468931
https://crbug.com/471523
https://crbug.com/497507
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html

CPE    1
cpe:/a:google:chrome
CWE    1
CWE-284
OVAL    12
oval:org.secpod.oval:def:505553
oval:org.secpod.oval:def:111429
oval:org.secpod.oval:def:111321
oval:org.secpod.oval:def:37198
...

© SecPod Technologies