CVE-2016-1706 : The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.

Published 2016-07-23 19:59:02

Updated 2017-09-01 01:29:05

Source Google Inc.

View at NVD, CVE.org

Vulnerability category: Input validation

Exploit prediction scoring system (EPSS) score for CVE-2016-1706

Probability of exploitation activity in the next 30 days: 0.89%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-1706

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.6	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	2.8	6.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-1706

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-1706

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

[security-announce] openSUSE-SU-2016:1868-1: important: Security update

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3041-1

USN-3041-1: Oxide vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

[security-announce] openSUSE-SU-2016:1869-1: important: Security update

CVEs referencing this url
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

Chrome Releases: Stable Channel Update
Vendor Advisory

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3637

Debian -- Security Information -- DSA-3637-1 chromium-browser

CVEs referencing this url
https://codereview.chromium.org/2069853002/

Issue 2069853002: Ignore certain messages in plugin broker process if they are not sent by the - Code Review
Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

[security-announce] openSUSE-SU-2016:1865-1: important: Security update

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

[security-announce] openSUSE-SU-2016:1918-1: important: Security update

CVEs referencing this url
https://crbug.com/610600

610600 - sandbox escape using ppapi broker - chromium - Monorail
http://rhn.redhat.com/errata/RHSA-2016-1485.html

RHSA-2016:1485 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.securitytracker.com/id/1036428

Google Chrome Multiple Flaws Lets Remote Users Bypass Same-Origin Restrictions, Obtain Potentially Sensitive Information, Spoof URLs, and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url

Products affected by CVE-2016-1706

Google » Chrome
Versions up to, including, (<=) 51.0.2704.106
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-1706

Exploit prediction scoring system (EPSS) score for CVE-2016-1706

CVSS scores for CVE-2016-1706

CWE ids for CVE-2016-1706

References for CVE-2016-1706

Products affected by CVE-2016-1706