CVE-2016-1661

Description

Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.

CVSS Metrics

• v3.0•HIGH•Score: 8CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
• v2.0•HIGH•Score: 8.3AV:N/AC:M/Au:N/C:P/I:P/A:C

EPSS Trends

Current EPSS score: 1.00%• Percentile: 77%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• Unknown•Chrome

  ≤ 50.0.2661.87

• opensuse•opensuse

  13.1

• redhat•enterprise_linux_desktop_supplementary

  6.0

• redhat•enterprise_linux_server_supplementary

  6.0

• redhat•enterprise_linux_server_supplementary_eus

  6.7.z

• redhat•enterprise_linux_workstation_supplementary

  6.0

References (12)

• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html
• http://www.debian.org/security/2016/dsa-3564
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html
• http://www.ubuntu.com/usn/USN-2960-1
• https://codereview.chromium.org/1887553002/
• http://www.securityfocus.com/bid/89106
• https://crbug.com/601629
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html
• http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html
• http://rhn.redhat.com/errata/RHSA-2016-0707.html
• https://security.gentoo.org/glsa/201605-02