PT-2016-1732 · Google +4 · Google Chrome +4

Antonio Sanso +1 · Published 2016-04-13 · Updated 2024-06-15 · CVE-2016-1658

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 50.0.2661.75
Opera versions prior to 50.0.2661.75

Description

The issue arises from the incorrect reliance on GetOrigin method calls for origin comparisons in the Extensions subsystem. This allows remote attackers to bypass the Same Origin Policy, potentially obtaining sensitive information via a crafted extension.

Recommendations

For Google Chrome versions prior to 50.0.2661.75, update to version 50.0.2661.75 or later.
For Opera versions prior to 50.0.2661.75, update to version 50.0.2661.75 or later.
As a temporary workaround, consider restricting the use of extensions in Google Chrome and Opera until a patch is applied.

Fix

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2016-2194
BDU:2016-01058
CVE-2016-1658
DSA-3549-1
MGASA-2016-0143
OPENSUSE-SU-2016_1061-1
OPENSUSE-SU-2016_1135-1
OPENSUSE-SU-2016_1136-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
RHSA-2016:0638
RHSA-2016_0638

Affected Products

Alt Linux
Google Chrome
Opera
Red Hat
Suse