The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 02:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html - | |
References | () https://access.redhat.com/errata/RHSA-2016:1201 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html - | |
References | () http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html - | |
References | () http://www.debian.org/security/2016/dsa-3594 - | |
References | () http://www.securitytracker.com/id/1036026 - | |
References | () http://www.ubuntu.com/usn/USN-2992-1 - | |
References | () https://crbug.com/613266 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html - | |
References | () https://codereview.chromium.org/2021373003 - |
Information
Published : 2016-06-05 23:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-1697
Mitre link : CVE-2016-1697
CVE.ORG link : CVE-2016-1697
JSON object : View
Products Affected
debian
- debian_linux
opensuse
- opensuse
- leap
redhat
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_workstation
- chrome
suse
- linux_enterprise
canonical
- ubuntu_linux
CWE
CWE-284
Improper Access Control