CVE-2016-1658

NameCVE-2016-1658
DescriptionThe Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3549-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersourcewheezy(unfixed)end-of-life
chromium-browsersourcejessie50.0.2661.75-1~deb8u1DSA-3549-1
chromium-browsersource(unstable)50.0.2661.75-1

Notes

[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)

Search for package or bug name: Reporting problems