The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Chrome
Published: 2016-03-06T02:00:00
Updated: 2016-12-01T15:57:02
Reserved: 2016-01-12T00:00:00
Link: CVE-2016-1640
JSON object: View
NVD Information
Status : Modified
Published: 2016-03-06T02:59:11.070
Modified: 2023-11-07T02:30:17.440
Link: CVE-2016-1640
JSON object: View
Redhat Information
No data.
CWE