CVE-2016-1629

critical

Description

Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.

References

http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_18.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00045.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00048.html

http://rhn.redhat.com/errata/RHSA-2016-0286.html

http://www.debian.org/security/2016/dsa-3486

http://www.securityfocus.com/bid/83302

http://www.securitytracker.com/id/1035184

http://www.ubuntu.com/usn/USN-2905-1

https://code.google.com/p/chromium/issues/detail?id=583431

https://security.gentoo.org/glsa/201603-09

Details

Source: MITRE

Published: 2016-02-21

Updated: 2018-10-30

Type: CWE-264

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 9201 | Google Chrome < 48.0.2564.116 Blink Same-Origin Policy Bypass | Nessus Network Monitor | Web Clients | high |
| 89902 | GLSA-201603-09 : Chromium: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 88957 | Google Chrome < 48.0.2564.116 Blink Same-Origin Policy Bypass (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 88956 | Google Chrome < 48.0.2564.116 Blink Same-Origin Policy Bypass | Nessus | Windows | critical |
| 88929 | Ubuntu 14.04 LTS / 15.10 : oxide-qt vulnerability (USN-2905-1) | Nessus | Ubuntu Local Security Checks | critical |
| 88924 | openSUSE Security Update : Chromium (openSUSE-2016-249) | Nessus | SuSE Local Security Checks | critical |
| 88918 | openSUSE Security Update : Chromium 48.0.2564.116 (openSUSE-2016-239) | Nessus | SuSE Local Security Checks | critical |
| 88890 | RHEL 6 : chromium-browser (RHSA-2016:0286) | Nessus | Red Hat Local Security Checks | critical |
| 88869 | Debian DSA-3486-1 : chromium-browser - security update | Nessus | Debian Local Security Checks | critical |
| 88853 | FreeBSD : chromium -- same origin bypass (368993bb-d685-11e5-8858-00262d5ed8ee) | Nessus | FreeBSD Local Security Checks | critical |