CVE 2016-1696
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
See the 
CVE page on Mitre.org
for more details.
