Vulnerability Description
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 51.0.2704.63 | |
| Debian | Debian Linux | 8.0 |
| Opensuse | Leap | 42.1 |
| Opensuse | Opensuse | 13.2 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Suse | Linux Enterprise | 12.0 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
- http://www.debian.org/security/2016/dsa-3594
- http://www.securitytracker.com/id/1036026
- https://access.redhat.com/errata/RHSA-2016:1201
- https://codereview.chromium.org/1866103002
- https://crbug.com/601073
- http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
- http://www.debian.org/security/2016/dsa-3594
- http://www.securitytracker.com/id/1036026
FAQ
What is CVE-2016-1696?
CVE-2016-1696 is a vulnerability with a CVSS score of 8.8 (HIGH). The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
How severe is CVE-2016-1696?
CVE-2016-1696 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1696?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Debian Debian Linux, Opensuse Leap, Opensuse Opensuse, Redhat Enterprise Linux Desktop.