CVE-2016-1658: Infoleak
First published: Mon Apr 18 2016(Updated: )
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Package Hub for SUSE Linux Enterprise | =12 | |
| openSUSE | =42.1 | |
| Google Chrome | <=49.0.2623.112 | |
| Debian Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html
- http://rhn.redhat.com/errata/RHSA-2016-0638.html
- http://www.debian.org/security/2016/dsa-3549
- https://codereview.chromium.org/1658913002
- https://crbug.com/573317
- https://security.gentoo.org/glsa/201605-02
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/novell
- canonical/suse package hub for suse linux enterprise
- version/suse package hub for suse linux enterprise/12
- vendor/opensuse
- canonical/opensuse
- version/opensuse/42.1
- vendor/google
- canonical/google chrome
- version/google chrome/49.0.2623.112
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0