CVE-2016-5173 (retired)

Priority
Description
The extensions subsystem in Google Chrome before 53.0.2785.113 does not
properly restrict access to Object.prototype, which allows remote attackers
to load unintended resources, and consequently trigger unintended
JavaScript function calls and bypass the Same Origin Policy via an indirect
interception attack.
Package
Upstream:released (53.0.2785.113)
Ubuntu 14.04 LTS (Trusty Tahr):released (53.0.2785.143-0ubuntu0.14.04.1.1142)
Ubuntu 16.04 LTS (Xenial Xerus):released (53.0.2785.143-0ubuntu0.16.04.1.1254)
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-03-26 12:21:55 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)