CVE-2016-1657 — MEDIUM (4.3)

Q: How severe is CVE-2016-1657?

CVE-2016-1657 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-1657?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Novell Suse Package Hub For Suse Linux Enterprise, Opensuse Leap, Google Chrome.

Vulnerability Description

The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	8.0
Novell	Suse Package Hub For Suse Linux Enterprise	12
Opensuse	Leap	42.1
Google	Chrome	<= 49.0.2623.112

Related Weaknesses (CWE)

CWE-254

References

FAQ

What is CVE-2016-1657?

CVE-2016-1657 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which ...

How severe is CVE-2016-1657?

CVE-2016-1657 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1657?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Novell Suse Package Hub For Suse Linux Enterprise, Opensuse Leap, Google Chrome.