CVE Vulnerabilities

CVE-2016-1632

Published: Mar 06, 2016 | Modified: Nov 07, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
6.8 IMPORTANT
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 48.0.2564.116 (including)
Red Hat Enterprise Linux 6 Supplementary RedHat chromium-browser-0:49.0.2623.75-1.el6 *
Chromium-browser Ubuntu devel *
Chromium-browser Ubuntu precise *
Chromium-browser Ubuntu trusty *
Chromium-browser Ubuntu upstream *
Chromium-browser Ubuntu wily *

References