Cross-origin bypass in Blink - CVE-2016-1697

oval:org.cisecurity:def:790

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows 8.1
  • Microsoft Windows 7
  • Microsoft Windows 8
  • Microsoft Windows 10
  • Microsoft Windows Vista
  • Microsoft Windows Server 2012 R2
Class:
vulnerability
Reference(s):
  • CVE-2016-1697
  • https://codereview.chromium.org/2021373003
  • https://crbug.com/613266
  • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
Product(s):
  • Google Chrome