CVE-2016-5217
Published: 19 January 2017
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.
Priority
CVSS 3 base score: 6.5
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
upstream |
Released
(55.0.2883.75)
|
precise |
Ignored
|
|
trusty |
Does not exist
(trusty was released [58.0.3029.81-0ubuntu0.14.04.1172])
|
|
xenial |
Released
(55.0.2883.87-0ubuntu0.16.04.1263)
|
|
yakkety |
Released
(55.0.2883.87-0ubuntu0.16.10.1328)
|
|
zesty |
Released
(55.0.2883.87-0ubuntu1)
|
|
oxide-qt Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
zesty |
Not vulnerable
|