CVE-2016-5196

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 54.0.2840.85

Description The issue is related to errors in security settings, allowing a remote attacker to compromise the confidentiality, integrity, and availability of protected information using a specially crafted HTML page. The content renderer client in Google Chrome insufficiently enforces the Same Origin Policy amongst downloaded files, enabling a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.

Recommendations For Google Chrome versions prior to 54.0.2840.85, update to version 54.0.2840.85 or later to resolve the issue. As a temporary workaround, consider restricting access to downloaded files and avoiding the use of crafted HTML pages until the update is applied.