CVE-2016-1658

Published: Apr 18, 2016Modified: May 6, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.

Affected (4)

Products: Novell: Suse Package Hub For Suse Linux Enterprise · Opensuse: Leap · Google: Chrome · +1 more

Show all products

Novell: Suse Package Hub For Suse Linux Enterprise · Opensuse: Leap · Google: Chrome · Debian: Debian Linux

1 product

Suse Package Hub For Suse Linux Enterprise

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Novell Suse Package Hub For Suse Linux Enterprise	Version 12
Opensuse Leap	Version 42.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 49.0.2623.112

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (20)

http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2016-0638.html

Source: chrome-cve-admin@google.com

http://www.debian.org/security/2016/dsa-3549

Source: chrome-cve-admin@google.com

https://codereview.chromium.org/1658913002

Source: chrome-cve-admin@google.com

https://crbug.com/573317

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201605-02

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-0638.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3549

Source: af854a3a-2127-422b-91ae-364da2661108

https://codereview.chromium.org/1658913002

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/573317

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201605-02

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.