WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 51.0.2704.106 (including) | |
Red Hat Enterprise Linux 6 Supplementary | RedHat | chromium-browser-0:52.0.2743.82-1.el6 | * |
Chromium-browser | Ubuntu | devel | * |
Chromium-browser | Ubuntu | precise | * |
Chromium-browser | Ubuntu | trusty | * |
Chromium-browser | Ubuntu | upstream | * |
Chromium-browser | Ubuntu | wily | * |
Chromium-browser | Ubuntu | xenial | * |
Chromium-browser | Ubuntu | yakkety | * |
Oxide-qt | Ubuntu | devel | * |
Oxide-qt | Ubuntu | trusty | * |
Oxide-qt | Ubuntu | upstream | * |
Oxide-qt | Ubuntu | vivid/stable-phone-overlay | * |
Oxide-qt | Ubuntu | wily | * |
Oxide-qt | Ubuntu | xenial | * |
Oxide-qt | Ubuntu | yakkety | * |
Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user’s privileges and any permissions or other access-control specifications that apply to the resource. When access control checks are not applied consistently - or not at all - users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution.