Vulnerability Description
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 14.04 |
| Debian | Debian Linux | 8.0 |
| Opensuse | Leap | 42.1 |
| Opensuse | Opensuse | 13.2 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Suse | Linux Enterprise | 12.0 |
| Chrome | <= 50.0.2661.102 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
- http://www.debian.org/security/2016/dsa-3590
- http://www.securityfocus.com/bid/90876
- http://www.securitytracker.com/id/1035981
- http://www.ubuntu.com/usn/USN-2992-1
- https://access.redhat.com/errata/RHSA-2016:1190
- https://codereview.chromium.org/1858833003
- https://crbug.com/600182
- https://security.gentoo.org/glsa/201607-07
- http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
FAQ
What is CVE-2016-1675?
CVE-2016-1675 is a vulnerability with a CVSS score of 8.8 (HIGH). Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to Fram...
How severe is CVE-2016-1675?
CVE-2016-1675 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1675?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Debian Debian Linux, Opensuse Leap, Opensuse Opensuse, Redhat Enterprise Linux Desktop.