CVE-2016-1710

Priority
Description
The ChromeClientImpl::createWindow method in
WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome
before 52.0.2743.82, does not prevent window creation by a deferred frame,
which allows remote attackers to bypass the Same Origin Policy via a
crafted web site.
Package
Upstream:released (52.0.2743.82)
Ubuntu 14.04 LTS (Trusty Tahr):released (52.0.2743.116-0ubuntu0.14.04.1.1134)
Ubuntu 16.04 LTS (Xenial Xerus):released (52.0.2743.116-0ubuntu0.16.04.1.1250)
Package
Upstream:released (1.16.5)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.16.5-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.16.5-0ubuntu0.16.04.1)
More Information

Updated: 2018-10-31 21:22:36 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)