Bypassing Same Origin Policy via Script Execution during Node-Adoption Operations in Blink

CVE-2016-1667 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Learn more about our Cis Benchmark Audit For Google Chrome.