Bypassing Intended Restrictions in Chrome Instant Feature

Bypassing Intended Restrictions in Chrome Instant Feature

CVE-2016-1625 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.

Learn more about our Cis Benchmark Audit For Google Chrome.