NVD

Id
17972  
Name
CVE-2016-1622  
Description
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-02-13  
Modified Date
2016-12-05  
Seq
2016-1622  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
98447 17972 CVE-2016-1622 http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html  View
98448 17972 CVE-2016-1622 openSUSE-SU-2016:0491  View
98449 17972 CVE-2016-1622 openSUSE-SU-2016:0518  View
98450 17972 CVE-2016-1622 RHSA-2016:0241  View
98451 17972 CVE-2016-1622 DSA-3486  View
98452 17972 CVE-2016-1622 83125  View
98453 17972 CVE-2016-1622 1035183  View
98454 17972 CVE-2016-1622 https://code.google.com/p/chromium/issues/detail?id=546677  View
98455 17972 CVE-2016-1622 https://codereview.chromium.org/1417513003  View
98456 17972 CVE-2016-1622 GLSA-201603-09  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
730 JVNDB-2016-001503 Google Chrome の拡張サブシステムにおける同一生成元ポリシーを回避される脆弱性 Google Chrome の拡張サブシステムは、拡張動作をオーバーライドする Object.defineProperty メソッドの使用を制限しないため、同一生成元ポリシーを回避される脆弱性が存在します。 CVE-2016-1622 88128 CVE-2016-1622 17972 6.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001503.html 2016-02-09 2016-02-26 View