7.1

CVE-2016-5173

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version <= 53.0.2785.101
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.02% 0.589
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 2.8 3.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://security.gentoo.org/glsa/201610-09
http://www.debian.org/security/2016/dsa-3667
http://rhn.redhat.com/errata/RHSA-2016-1905.html
http://www.securityfocus.com/bid/92942
http://www.securitytracker.com/id/1036826
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html
https://codereview.chromium.org/1840453002
https://crbug.com/468931
https://crbug.com/471523
https://crbug.com/497507