NVD

Id
18002  
Name
CVE-2016-1652  
Description
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2016-04-18  
Modified Date
2016-12-02  
Seq
2016-1652  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
98786 18002 CVE-2016-1652 http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html  View
98787 18002 CVE-2016-1652 SUSE-SU-2016:1060  View
98788 18002 CVE-2016-1652 openSUSE-SU-2016:1061  View
98789 18002 CVE-2016-1652 openSUSE-SU-2016:1135  View
98790 18002 CVE-2016-1652 openSUSE-SU-2016:1136  View
98791 18002 CVE-2016-1652 RHSA-2016:0638  View
98792 18002 CVE-2016-1652 DSA-3549  View
98793 18002 CVE-2016-1652 https://codereview.chromium.org/1748943002/  View
98794 18002 CVE-2016-1652 https://crbug.com/590275  View
98795 18002 CVE-2016-1652 GLSA-201605-02  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1402 JVNDB-2016-002175 Google Chrome の拡張サブシステムの extensions/renderer/module_system.cc におけるクロスサイトスクリプティングの脆弱性 Google Chrome の拡張サブシステムの extensions/renderer/module_system.cc の ModuleSystem::RequireForJsInner 関数には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2016-1652 88158 CVE-2016-1652 18002 4.3 6.1 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002175.html 2016-04-13 2016-04-25 View