The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the users next navigation target via a crafted web site.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 48.0.2564.116 (including) |