What is the severity of CVE-2016-1636?

CVE-2016-1636 has been classified as a high severity vulnerability due to its potential for allowing remote attackers to bypass Subresource Integrity protections.

How do I fix CVE-2016-1636?

To fix CVE-2016-1636, update Google Chrome to version 49.0.2623.75 or later.

What type of attacks can exploit CVE-2016-1636?

CVE-2016-1636 can be exploited to perform attacks that bypass subresource integrity checks, potentially allowing malicious scripts to run.

Which versions of Google Chrome are affected by CVE-2016-1636?

CVE-2016-1636 affects Google Chrome versions before 49.0.2623.75.

What is Subresource Integrity in relation to CVE-2016-1636?

Subresource Integrity is a security feature that helps ensure that files hosted on third-party sites have not been tampered with, and CVE-2016-1636 exploits a flaw in this validation.

Vulnerability/
CVE-2016-1636

critical

9.8

CWE

264

6/3/2016

5/8/2024

CVE-2016-1636

First published: Sun Mar 06 2016(Updated: )

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

Credit: cve-coordination@google.com

Affected Software	Affected Version	How to fix
Google Chrome	<=48.0.2564.116

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-1636?
CVE-2016-1636 has been classified as a high severity vulnerability due to its potential for allowing remote attackers to bypass Subresource Integrity protections.
How do I fix CVE-2016-1636?
To fix CVE-2016-1636, update Google Chrome to version 49.0.2623.75 or later.
What type of attacks can exploit CVE-2016-1636?
CVE-2016-1636 can be exploited to perform attacks that bypass subresource integrity checks, potentially allowing malicious scripts to run.
Which versions of Google Chrome are affected by CVE-2016-1636?
CVE-2016-1636 affects Google Chrome versions before 49.0.2623.75.
What is Subresource Integrity in relation to CVE-2016-1636?
Subresource Integrity is a security feature that helps ensure that files hosted on third-party sites have not been tampered with, and CVE-2016-1636 exploits a flaw in this validation.

agent/references
agent/type
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/author
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/google
canonical/google chrome
version/google chrome/48.0.2564.116

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2016-1636?
CVE-2016-1636 has been classified as a high severity vulnerability due to its potential for allowing remote attackers to bypass Subresource Integrity protections.
How do I fix CVE-2016-1636?
To fix CVE-2016-1636, update Google Chrome to version 49.0.2623.75 or later.
What type of attacks can exploit CVE-2016-1636?
CVE-2016-1636 can be exploited to perform attacks that bypass subresource integrity checks, potentially allowing malicious scripts to run.
Which versions of Google Chrome are affected by CVE-2016-1636?
CVE-2016-1636 affects Google Chrome versions before 49.0.2623.75.
What is Subresource Integrity in relation to CVE-2016-1636?
Subresource Integrity is a security feature that helps ensure that files hosted on third-party sites have not been tampered with, and CVE-2016-1636 exploits a flaw in this validation.