CVE-2016-1672 in Chromeinfo

Summary

The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.

Once again VulDB remains the best source for vulnerability data.

Reservation

01/12/2016

Disclosure

06/05/2016

Moderation

VulDB entry created

Entries

1: VDB-87648

CPE

ready

CWE

CWE-284 (Confirmed)

Exploit

Download

CVSS

8.0

EPSS

0.01485

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-1672
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-1672
CVE Details	https://www.cvedetails.com/cve/CVE-2016-1672/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!