New Search

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype - CVE-2016-5173

oval:org.cisecurity:def:1197

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype which allows remote attackers to load unintended resources and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows XP
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows 8.1
  • Microsoft Windows 7
  • Microsoft Windows Server 2003
  • Microsoft Windows 10
  • Microsoft Windows Vista
  • Microsoft Windows Server 2012 R2
Class:
vulnerability
Reference(s):
  • CVE-2016-5173
Product(s):
  • Google Chrome