QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5145

Published: Aug 7, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://crbug.com/623406

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

openSUSE-SU-2016:1983

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

https://codereview.chromium.org/2096313002

x_refsource_CONFIRM

https://codereview.chromium.org/2097393002

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

https://codereview.chromium.org/2178513002

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html

x_refsource_CONFIRM

openSUSE-SU-2016:1982

vendor-advisory

x_refsource_SUSE

FEDORA-2016-e9798eaaa3

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2016-5145 - Security Vulnerability | QwikSec