PT-2016-1732 · Google +4 · Google Chrome +4

Antonio Sanso +1 · Published 2016-04-13 · Updated 2024-06-15 · CVE-2016-1658

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 50.0.2661.75
Opera versions prior to 50.0.2661.75

Description

The issue arises from the incorrect reliance on GetOrigin method calls for origin comparisons in the Extensions subsystem. This allows remote attackers to bypass the Same Origin Policy, potentially obtaining sensitive information via a crafted extension.

Recommendations

For Google Chrome versions prior to 50.0.2661.75, update to version 50.0.2661.75 or later. For Opera versions prior to 50.0.2661.75, update to version 50.0.2661.75 or later. As a temporary workaround, consider restricting the use of extensions in Google Chrome and Opera until a patch is applied.

Fix

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2016-2194
BDU:2016-01058
CVE-2016-1658
DSA-3549-1
MGASA-2016-0143
OPENSUSE-SU-2016_1061-1
OPENSUSE-SU-2016_1135-1
OPENSUSE-SU-2016_1136-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
RHSA-2016:0638
RHSA-2016_0638

Affected Products

Alt Linux
Google Chrome
Opera
Red Hat
Suse