CVE-2016-1670

Description

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.3CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
• v2.0•LOW•Score: 2.6AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.68%• Percentile: 72%

Techniques & Countermeasures

• CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

• debian•debian_linux

  8.0

• google•chrome

  ≤ 50.0.2661.87

• opensuse•opensuse

  13.1

References (12)

• http://www.securityfocus.com/bid/90584
• http://www.securitytracker.com/id/1035872
• http://rhn.redhat.com/errata/RHSA-2016-1080.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html
• http://www.debian.org/security/2016/dsa-3590
• http://www.ubuntu.com/usn/USN-2960-1
• https://crbug.com/578882
• http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
• https://codereview.chromium.org/1608573002
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html
• https://security.gentoo.org/glsa/201605-02