CVE-2016-1623

Published: 13 February 2016

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package | Release | Status
chromium-browser (Launchpad, Ubuntu, Debian) | Upstream | Released (48.0.2564.109)
chromium-browser (Launchpad, Ubuntu, Debian) | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was released [48.0.2564.116-0ubuntu0.14.04.1.1111])
oxide-qt (Launchpad, Ubuntu, Debian) | Upstream | Released (1.12.6)
oxide-qt (Launchpad, Ubuntu, Debian) | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was released [1.12.6-0ubuntu0.14.04.1])