CVE-2016-1658
Publication date 18 April 2016
Last updated 25 August 2025
Ubuntu priority
Description
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | 16.04 LTS xenial |
Fixed 50.0.2661.102-0ubuntu0.16.04.1.1237
|
| 14.04 LTS trusty |
Fixed 50.0.2661.102-0ubuntu0.14.04.1.1117
|
|
| oxide-qt | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |