CVE-2016-1673

high-risk

Published 2016-06-05

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Do I need to act?

1.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (11)

Chrome

Ubuntu Linux

Debian Linux

Opensuse

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Leap

Linux Enterprise

Affected Vendors

Google Opensuse Debian Canonical Redhat Suse

References (22)

http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html

http://www.debian.org/security/2016/dsa-3590

http://www.securityfocus.com/bid/90876

http://www.securitytracker.com/id/1035981

http://www.ubuntu.com/usn/USN-2992-1

https://access.redhat.com/errata/RHSA-2016:1190

https://crbug.com/597532

https://security.gentoo.org/glsa/201607-07

http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html

http://www.debian.org/security/2016/dsa-3590

http://www.securityfocus.com/bid/90876

http://www.securitytracker.com/id/1035981

http://www.ubuntu.com/usn/USN-2992-1

https://access.redhat.com/errata/RHSA-2016:1190

and 2 more references

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 4/34 · Minimal

Exposure 16/34 · Moderate