Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-653A8059-7C49-11E6-9242-3065EC8FD3EC (CVE-2016-5173): chromium -- multiple vulnerabilities

Back to Search

FreeBSD: VID-653A8059-7C49-11E6-9242-3065EC8FD3EC (CVE-2016-5173): chromium -- multiple vulnerabilities

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
09/13/2016
Created
07/25/2018
Added
11/14/2016
Modified
05/03/2019

Description

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.

Solution(s)

  • freebsd-upgrade-package-chromium
  • freebsd-upgrade-package-chromium-npapi
  • freebsd-upgrade-package-chromium-pulse

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;