CVE-2016-5143

Published: 07 August 2016

The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
Upstream
Released (52.0.2743.116-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (52.0.2743.116-0ubuntu0.16.04.1.1250)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [52.0.2743.116-0ubuntu0.14.04.1.1134])
oxide-qt
Launchpad, Ubuntu, Debian
Upstream
Released (1.16.6)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.17.7-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.17.7-0ubuntu0.14.04.1])