NVD

Id
18047  
Name
CVE-2016-1697  
Description
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2016-06-05  
Modified Date
2016-07-29  
Seq
2016-1697  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
99297 18047 CVE-2016-1697 http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html  View
99298 18047 CVE-2016-1697 openSUSE-SU-2016:1489  View
99299 18047 CVE-2016-1697 SUSE-SU-2016:1490  View
99300 18047 CVE-2016-1697 openSUSE-SU-2016:1496  View
99301 18047 CVE-2016-1697 DSA-3594  View
99302 18047 CVE-2016-1697 1036026  View
99303 18047 CVE-2016-1697 USN-2992-1  View
99304 18047 CVE-2016-1697 RHSA-2016:1201  View
99305 18047 CVE-2016-1697 https://codereview.chromium.org/2021373003  View
99306 18047 CVE-2016-1697 https://crbug.com/613266  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
2241 JVNDB-2016-003014 Google Chrome で使用される Blink の WebKit/Source/core/loader/FrameLoader.cpp における同一生成元ポリシーを回避される脆弱性 Google Chrome で使用される Blink の WebKit/Source/core/loader/FrameLoader.cpp の FrameLoader::startLoad 関数は、DocumentLoader のデタッチ操作中に、フレームナビゲーションを制限しないため、同一生成元ポリシーを回避される脆弱性が存在します。 CVE-2016-1697 88203 CVE-2016-1697 18047 6.8 8.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-003014.html 2016-06-01 2016-08-29 View