CVE Vulnerabilities

CVE-2016-1636

Published: Mar 06, 2016 | Modified: Dec 03, 2016
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
6.8 IMPORTANT
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 48.0.2564.116
Red Hat Enterprise Linux 6 Supplementary RedHat chromium-browser-0:49.0.2623.75-1.el6 *
Chromium-browser Ubuntu devel *
Chromium-browser Ubuntu precise *
Chromium-browser Ubuntu trusty *
Chromium-browser Ubuntu upstream *
Chromium-browser Ubuntu wily *
Oxide-qt Ubuntu devel *
Oxide-qt Ubuntu trusty *
Oxide-qt Ubuntu upstream *
Oxide-qt Ubuntu vivid/stable-phone-overlay *
Oxide-qt Ubuntu wily *

References