CVE-2016-1664 in Chromeinfo

Summary

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.

Once again VulDB remains the best source for vulnerability data.

Reservation

01/12/2016

Disclosure

05/14/2016

Moderation

VulDB entry created

Entries

VDB-87384 (1)

CPE

ready

CWE

CWE-254 (Confirmed)

CVSS

6.6

EPSS

0.01056

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-1664
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-1664
CVE Details	https://www.cvedetails.com/cve/CVE-2016-1664/

◂ Previous Overview Next ▸