CVE-2016-1692

Impact:
Low
Public Date:
2016-05-25
Bugzilla:
1340027: CVE-2016-1692 chromium-browser: limited cross-origin bypass in serviceworker

The MITRE CVE dictionary describes this issue as:

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Find out more about CVE-2016-1692 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Supplementary (v. 6) (chromium-browser) RHSA-2016:1190 2016-06-01

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation