CVE-2016-1711 - OpenCVE

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

References

Link	Resource
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
http://rhn.redhat.com/errata/RHSA-2016-1485.html
http://www.debian.org/security/2016/dsa-3637
http://www.securityfocus.com/bid/92053
http://www.securitytracker.com/id/1036428
http://www.ubuntu.com/usn/USN-3041-1
https://codereview.chromium.org/2079473002
https://crbug.com/617495

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Chrome

Published: 2016-07-23T19:00:00

Updated: 2017-08-31T09:57:01

Reserved: 2016-01-12T00:00:00

Link: CVE-2016-1711

JSON object: View

NVD Information

Status : Modified

Published: 2016-07-23T19:59:07.827

Modified: 2023-11-07T02:30:49.207

Link: CVE-2016-1711

JSON object: View

Redhat Information

No data.

CWE

CWE-285

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-31T09:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "openSUSE-SU-2016:1868", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.chromium.org/2079473002"}, {"name": "openSUSE-SU-2016:1869", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html"}, {"name": "92053", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92053"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"}, {"name": "USN-3041-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3041-1"}, {"name": "openSUSE-SU-2016:1918", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://crbug.com/617495"}, {"name": "openSUSE-SU-2016:1865", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html"}, {"name": "RHSA-2016:1485", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1485.html"}, {"name": "1036428", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036428"}, {"name": "DSA-3637", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3637"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2016-1711", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2016:1868", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html"}, {"name": "https://codereview.chromium.org/2079473002", "refsource": "CONFIRM", "url": "https://codereview.chromium.org/2079473002"}, {"name": "openSUSE-SU-2016:1869", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html"}, {"name": "92053", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92053"}, {"name": "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"}, {"name": "USN-3041-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3041-1"}, {"name": "openSUSE-SU-2016:1918", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html"}, {"name": "https://crbug.com/617495", "refsource": "CONFIRM", "url": "https://crbug.com/617495"}, {"name": "openSUSE-SU-2016:1865", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html"}, {"name": "RHSA-2016:1485", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1485.html"}, {"name": "1036428", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036428"}, {"name": "DSA-3637", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3637"}]}}}}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2016-1711", "datePublished": "2016-07-23T19:00:00", "dateReserved": "2016-01-12T00:00:00", "dateUpdated": "2017-08-31T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC23C474-0857-44A5-ADAE-8AFDEB4EFECE", "versionEndIncluding": "51.0.2704.106", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."}, {"lang": "es", "value": "WebKit/Source/core/loader/FrameLoader.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, no deshabilita la navegaci\u00f3n del marco durante una operaci\u00f3n de separaci\u00f3n en un objeto DocumentLoader, lo que permite a atacantes remotos eludir la Same Origin Policy a trav\u00e9s de un sitio web manipulado."}], "id": "CVE-2016-1711", "lastModified": "2023-11-07T02:30:49.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-23T19:59:07.827", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1485.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2016/dsa-3637"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/92053"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1036428"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-3041-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://codereview.chromium.org/2079473002"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/617495"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "nvd@nist.gov", "type": "Primary"}]}