8.8

CVE-2016-1632

EPSS 1.21%
Veröffentlicht 06.03.2016 02:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 48.0.2564.116

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.21%	0.781

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

https://security.gentoo.org/glsa/201603-09

http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html

http://www.debian.org/security/2016/dsa-3507

http://www.securityfocus.com/bid/84008

http://www.securitytracker.com/id/1035185

https://code.google.com/p/chromium/issues/detail?id=549986

https://codereview.chromium.org/1433293004

https://nvd.nist.gov/vuln/detail/CVE-2016-1632

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1632

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1632

EUVD