Improper Prototype Usage in Google Chrome Extension Bindings Allows Same Origin Policy Bypass

Improper Prototype Usage in Google Chrome Extension Bindings Allows Same Origin Policy Bypass

CVE-2016-1676 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Learn more about our Cis Benchmark Audit For Bind.