CVE-2016-1627

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 48.0.2564.109

Description The issue is related to the Developer Tools (aka DevTools) subsystem, which does not properly validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL. This allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools ui bindings.cc and WebKit/Source/devtools/front end/Runtime.js.

Recommendations For Google Chrome versions prior to 48.0.2564.109, update to version 48.0.2564.109 or later to resolve the issue. As a temporary workaround, consider restricting access to the remoteBase parameter in the Developer Tools subsystem until a patch is available.