CVE-2016-5192

Published: 17 October 2016

Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	precise	Ignored
	trusty	Does not exist (trusty was released [58.0.3029.81-0ubuntu0.14.04.1172])
	upstream	Released (54.0.2840.59)
	xenial	Released (55.0.2883.87-0ubuntu0.16.04.1263)
	yakkety	Released (55.0.2883.87-0ubuntu0.16.10.1328)
	zesty	Released (55.0.2883.87-0ubuntu1)
oxide-qt Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was released [1.18.3-0ubuntu0.14.04.1])
	upstream	Released (1.18.3)
	xenial	Released (1.18.3-0ubuntu0.16.04.1)
	yakkety	Released (1.18.3-0ubuntu0.16.10.1)
	zesty	Released (1.19.6-0ubuntu2)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›