FKIE_CVE-2016-1697

Vulnerability from fkie_nvd - Published: 2016-06-05 23:59 - Updated: 2025-04-12 10:46
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
References
chrome-cve-admin@google.comhttp://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html
chrome-cve-admin@google.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
chrome-cve-admin@google.comhttp://www.debian.org/security/2016/dsa-3594
chrome-cve-admin@google.comhttp://www.securitytracker.com/id/1036026
chrome-cve-admin@google.comhttp://www.ubuntu.com/usn/USN-2992-1
chrome-cve-admin@google.comhttps://access.redhat.com/errata/RHSA-2016:1201
chrome-cve-admin@google.comhttps://codereview.chromium.org/2021373003
chrome-cve-admin@google.comhttps://crbug.com/613266
af854a3a-2127-422b-91ae-364da2661108http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3594
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036026
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2992-1
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2016:1201
af854a3a-2127-422b-91ae-364da2661108https://codereview.chromium.org/2021373003
af854a3a-2127-422b-91ae-364da2661108https://crbug.com/613266
Impacted products
Vendor Product Version
google chrome *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 16.04
debian debian_linux 8.0
opensuse leap 42.1
opensuse opensuse 13.2
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
suse linux_enterprise 12.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5632B7FF-1930-4ADF-BBA1-C11FD636C7E7",
              "versionEndIncluding": "51.0.2704.63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3nFrameLoader::startLoad en WebKit/Source/core/loader/FrameLoader.cpp en Blink, como es usada en Google Chrome en versiones anteriores a 51.0.2704.79, no impide marcos de navegaci\u00f3n durante las operaciones de separaci\u00f3n DocumentLoader, lo que permite a atacantes remotos eludir la Same Origin Policy a trav\u00e9s de c\u00f3digo JavaScript manipulado."
    }
  ],
  "id": "CVE-2016-1697",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-05T23:59:27.213",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.debian.org/security/2016/dsa-3594"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.securitytracker.com/id/1036026"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "http://www.ubuntu.com/usn/USN-2992-1"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://access.redhat.com/errata/RHSA-2016:1201"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://codereview.chromium.org/2021373003"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://crbug.com/613266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3594"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2992-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2016:1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://codereview.chromium.org/2021373003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://crbug.com/613266"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.