NVD

Id
17973  
Name
CVE-2016-1623  
Description
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-02-13  
Modified Date
2016-12-05  
Seq
2016-1623  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
98457 17973 CVE-2016-1623 http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html  View
98458 17973 CVE-2016-1623 openSUSE-SU-2016:0491  View
98459 17973 CVE-2016-1623 openSUSE-SU-2016:0518  View
98460 17973 CVE-2016-1623 RHSA-2016:0241  View
98461 17973 CVE-2016-1623 DSA-3486  View
98462 17973 CVE-2016-1623 83125  View
98463 17973 CVE-2016-1623 1035183  View
98464 17973 CVE-2016-1623 USN-2895-1  View
98465 17973 CVE-2016-1623 https://code.google.com/p/chromium/issues/detail?id=577105  View
98466 17973 CVE-2016-1623 https://codereview.chromium.org/1659013003  View
98467 17973 CVE-2016-1623 GLSA-201603-09  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
731 JVNDB-2016-001504 Google Chrome の DOM の実装における同一生成元ポリシーを回避される脆弱性 Google Chrome の DOM の実装は、フレームデタッチ操作中または操作後にフレームアタッチ操作が起こらないよう適切に制限しないため、同一生成元ポリシーを回避される脆弱性が存在します。 CVE-2016-1623 88129 CVE-2016-1623 17973 6.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001504.html 2016-02-09 2016-02-26 View