CVE-2016-5135

Published: Jul 23, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.

Affected (1)

Products: Google: Chrome

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 51.0.2704.106

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (26)

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2016-1485.html

Source: chrome-cve-admin@google.com

http://www.debian.org/security/2016/dsa-3637

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/92053

Source: chrome-cve-admin@google.com

http://www.securitytracker.com/id/1036428

Source: chrome-cve-admin@google.com

http://www.ubuntu.com/usn/USN-3041-1

Source: chrome-cve-admin@google.com

https://codereview.chromium.org/1913983002

Source: chrome-cve-admin@google.com

https://crbug.com/605451

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/201610-09

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-1485.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3637

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/92053

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036428

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-3041-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://codereview.chromium.org/1913983002

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/605451

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201610-09

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.