CVE-2016-5135

EPSS 0.43%
Veröffentlicht 23.07.2016 19:59:18
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 16

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 51.0.2704.106

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.62

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.debian.org/security/2016/dsa-3637

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

http://rhn.redhat.com/errata/RHSA-2016-1485.html

http://www.securityfocus.com/bid/92053

http://www.securitytracker.com/id/1036428

http://www.ubuntu.com/usn/USN-3041-1

https://security.gentoo.org/glsa/201610-09

https://codereview.chromium.org/1913983002