CVE-2016-1632

high

Description

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h.

References

https://security.gentoo.org/glsa/201603-09

https://codereview.chromium.org/1433293004

https://code.google.com/p/chromium/issues/detail?id=549986

http://www.securitytracker.com/id/1035185

http://www.securityfocus.com/bid/84008

http://www.debian.org/security/2016/dsa-3507

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html

http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

Details

Source: Mitre, NVD

Published: 2016-03-06

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High