Vulnerability Details : CVE-2016-1697
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2016-1697
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1697
- EPSS score: 1.02% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~82% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-1697
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-1697
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1697
- https://access.redhat.com/errata/RHSA-2016:1201 - RHSA-2016:1201 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://codereview.chromium.org/2021373003 - Issue 2021373003: Disable frame navigations during DocumentLoader detach in FrameLoader::startLoad - Code Review (Issue Tracking)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html - [security-announce] openSUSE-SU-2016:1496-1: important: Security update (Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3594 - Debian -- Security Information -- DSA-3594-1 chromium-browser (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html - [security-announce] SUSE-SU-2016:1490-1: important: Security update for (Third Party Advisory)
- https://crbug.com/613266 - 613266 - Security: Universal XSS via reentrancy in FrameLoader::startLoad - chromium - Monorail (Permissions Required)
- http://www.securitytracker.com/id/1036026 - Google Chrome Multiple Flaws Lets Remote Users Bypass Same-Origin Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html - [security-announce] openSUSE-SU-2016:1489-1: important: Security update (Third Party Advisory)
- http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html - Chrome Releases: Stable Channel Update (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-2992-1 - USN-2992-1: Oxide vulnerabilities | Ubuntu security notices (Third Party Advisory)