CVE-2016-1664

Description

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.

CVSS Metrics

• v3.0•MEDIUM•Score: 4.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 1.06%• Percentile: 78%

Techniques & Countermeasures

• CWE-254•7PK - Security Features

  Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

Affected Systems

• Unknown•Chrome

  ≤ 50.0.2661.87

• opensuse•opensuse

  13.1

• redhat•enterprise_linux_desktop_supplementary

  6.0

• redhat•enterprise_linux_server_supplementary

  6.0

• redhat•enterprise_linux_server_supplementary_eus

  6.7.z

• redhat•enterprise_linux_workstation_supplementary

  6.0

References (11)

• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html
• https://crbug.com/597322
• http://www.debian.org/security/2016/dsa-3564
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
• https://codereview.chromium.org/1848813005/
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html
• http://www.securityfocus.com/bid/89106
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html
• http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html
• http://rhn.redhat.com/errata/RHSA-2016-0707.html
• https://security.gentoo.org/glsa/201605-02