CVE-2016-1627 (retired)

Priority
Description
The Developer Tools (aka DevTools) subsystem in Google Chrome before
48.0.2564.109 does not validate URL schemes and ensure that the remoteBase
parameter is associated with a chrome-devtools-frontend.appspot.com URL,
which allows remote attackers to bypass intended access restrictions via a
crafted URL, related to browser/devtools/devtools_ui_bindings.cc and
WebKit/Source/devtools/front_end/Runtime.js.
Package
Upstream:released (48.0.2564.109)
Ubuntu 14.04 LTS (Trusty Tahr):released (48.0.2564.116-0ubuntu0.14.04.1.1111)
Ubuntu 16.04 LTS (Xenial Xerus):released (48.0.2564.116-0ubuntu1.1229)
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-03-26 12:18:52 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)