CVE-2016-5132

Priority
Description
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not
properly implement the Secure Contexts specification during decisions about
whether to control a subframe, which allows remote attackers to bypass the
Same Origin Policy via an https IFRAME element inside an http IFRAME
element.
Package
Upstream:released (52.0.2743.82)
Ubuntu 14.04 LTS (Trusty Tahr):released (52.0.2743.116-0ubuntu0.14.04.1.1134)
Ubuntu 16.04 LTS (Xenial Xerus):released (52.0.2743.116-0ubuntu0.16.04.1.1250)
Package
Upstream:released (1.16.5)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.16.5-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.16.5-0ubuntu0.16.04.1)
More Information

Updated: 2018-10-31 21:23:50 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)