CVE-2016-1658: Infoleak
First published: Mon Apr 18 2016(Updated: )
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Package Hub for SUSE Linux Enterprise | =12 | |
| SUSE Linux | =42.1 | |
| Google Chrome (Trace Event) | <=49.0.2623.112 | |
| Debian | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html
- http://rhn.redhat.com/errata/RHSA-2016-0638.html
- http://www.debian.org/security/2016/dsa-3549
- https://codereview.chromium.org/1658913002
- https://crbug.com/573317
- https://security.gentoo.org/glsa/201605-02
Frequently Asked Questions
What is the severity of CVE-2016-1658?
CVE-2016-1658 is classified as a high severity vulnerability due to its potential to bypass the Same Origin Policy.
How do I fix CVE-2016-1658?
To mitigate CVE-2016-1658, users should update Google Chrome to version 50.0.2661.75 or later.
Who is affected by CVE-2016-1658?
CVE-2016-1658 affects users running versions of Google Chrome prior to 50.0.2661.75, as well as specific distributions of SUSE Linux and Debian.
What type of attack does CVE-2016-1658 allow?
CVE-2016-1658 allows remote attackers to exploit the vulnerability to access sensitive information through crafted extensions.
When was CVE-2016-1658 discovered?
CVE-2016-1658 was disclosed in April 2016.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/novell
- canonical/suse package hub for suse linux enterprise
- version/suse package hub for suse linux enterprise/12
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.1
- vendor/google
- canonical/google chrome (trace event)
- version/google chrome (trace event)/49.0.2623.112
- vendor/debian
- canonical/debian
- version/debian/8.0