The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2016-04-18T10:00:00

Updated: 2024-08-05T23:02:12.825Z

Reserved: 2016-01-12T00:00:00

Link: CVE-2016-1658

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-04-18T10:59:07.077

Modified: 2024-11-21T02:46:49.973

Link: CVE-2016-1658

cve-icon Redhat

Severity : Low

Publid Date: 2016-04-13T00:00:00Z

Links: CVE-2016-1658 - Bugzilla