Google · Google Chrome · CVE-2016-5192
**Name of the Vulnerable Software and Affected Versions**
Google Chrome versions prior to 54.0.2840.59
Opera versions prior to 54.0.2840.59
**Description**
The issue allows a remote attacker to bypass cross-origin restrictions via crafted HTML pages due to a missed CORS check on redirect in TextTrackLoader.
**Recommendations**
For Google Chrome versions prior to 54.0.2840.59, update to version 54.0.2840.59 or later.
For Opera versions prior to 54.0.2840.59, update to version 54.0.2840.59 or later.