CVE-2016-1657

The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.
Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:30

Type Values Removed Values Added
References (CONFIRM) https://codereview.chromium.org/1678233003/ - () https://codereview.chromium.org/1678233003/ -
References (CONFIRM) https://crbug.com/567445 - () https://crbug.com/567445 -
References (GENTOO) https://security.gentoo.org/glsa/201605-02 - () https://security.gentoo.org/glsa/201605-02 -
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-0638.html - () http://rhn.redhat.com/errata/RHSA-2016-0638.html -
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html - () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html -
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html - () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html -
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html -
References (CONFIRM) http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html - Vendor Advisory () http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html -
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html -
References (DEBIAN) http://www.debian.org/security/2016/dsa-3549 - Third Party Advisory () http://www.debian.org/security/2016/dsa-3549 -

Information

Published : 2016-04-18 10:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-1657

Mitre link : CVE-2016-1657

CVE.ORG link : CVE-2016-1657


JSON object : View

Products Affected

google

  • chrome

debian

  • debian_linux

novell

  • suse_package_hub_for_suse_linux_enterprise

opensuse

  • leap
CWE
CWE-254

7PK - Security Features