CVE-2016-1623

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Access Control Error

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-1622, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627, CVE-2016-1628, CVE-2016-1629

Published on 14/02/16 - Updated on 30/10/18

Description

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability DatabaseCVE-2016-1623
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-053
Debian DSA-3486-1
Redhat RHSA-2016:0241
Ubuntu USN-2895-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
debiandebian_linux
googlechrome
opensuseopensuse

Share this vulnerability with:

Twitter Facebook LinkedIn Mail