What is the severity of CVE-2016-1667?

CVE-2016-1667 has been categorized as a high severity vulnerability due to its potential to allow bypassing of the Same Origin Policy.

How do I fix CVE-2016-1667?

To fix CVE-2016-1667, ensure that your Google Chrome browser is updated to version 50.0.2661.102 or later.

Which software is affected by CVE-2016-1667?

CVE-2016-1667 affects Google Chrome versions up to 50.0.2661.87, Debian GNU/Linux 8.0, and openSUSE 13.1.

What type of vulnerability is CVE-2016-1667?

CVE-2016-1667 is a script execution vulnerability that arises during node-adoption operations in the DOM implementation of Blink.

Can CVE-2016-1667 be exploited remotely?

Yes, CVE-2016-1667 can be exploited remotely by attackers to bypass security policies in web browsers.

Vulnerability/
CVE-2016-1667

high

8.8

CWE

284

14/5/2016

5/8/2024

CVE-2016-1667

First published: Sat May 14 2016(Updated: )

The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Credit: cve-coordination@google.com

Affected Software	Affected Version	How to fix
SUSE Linux	=13.1
Debian	=8.0
Google Chrome (Trace Event)	<=50.0.2661.87

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-1667?
CVE-2016-1667 has been categorized as a high severity vulnerability due to its potential to allow bypassing of the Same Origin Policy.
How do I fix CVE-2016-1667?
To fix CVE-2016-1667, ensure that your Google Chrome browser is updated to version 50.0.2661.102 or later.
Which software is affected by CVE-2016-1667?
CVE-2016-1667 affects Google Chrome versions up to 50.0.2661.87, Debian GNU/Linux 8.0, and openSUSE 13.1.
What type of vulnerability is CVE-2016-1667?
CVE-2016-1667 is a script execution vulnerability that arises during node-adoption operations in the DOM implementation of Blink.
Can CVE-2016-1667 be exploited remotely?
Yes, CVE-2016-1667 can be exploited remotely by attackers to bypass security policies in web browsers.

agent/references
agent/type
agent/author
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/opensuse
canonical/suse linux
version/suse linux/13.1
vendor/debian
canonical/debian
version/debian/8.0
vendor/google
canonical/google chrome (trace event)
version/google chrome (trace event)/50.0.2661.87

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.