Bypassing Same Origin Policy in Google Chrome Extensions Subsystem

Bypassing Same Origin Policy in Google Chrome Extensions Subsystem

CVE-2016-1696 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Learn more about our Cis Benchmark Audit For Bind.