Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-1638

extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app.

Related bugs and status

CVE-2016-1638 (Candidate) is related to these bugs:

Bug #1553438: Chromium in Ubuntu still to version 48.0.2564.116 not update to version 49.0.2623.75 as Debian Chromium packages.

Summary				In	Importance	Status
	1553438	Chromium in Ubuntu still to version 48.0.2564.116 not update to version 49.0.2623.75 as Debian Chromium packages.		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
CONFIRM: https://codereview.chr...
BID: 84008
DEBIAN: DSA-3507
GENTOO: GLSA-201603-09
SUSE: SUSE-SU-2016:0665
SUSE: openSUSE-SU-2016:0664
SUSE: openSUSE-SU-2016:0684
SUSE: openSUSE-SU-2016:0729
SECTRACK: 1035185