Insufficient Same Origin Policy Enforcement in Google Chrome for Android Allows Remote File Access

Insufficient Same Origin Policy Enforcement in Google Chrome for Android Allows Remote File Access

CVE-2016-5196 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.

Learn more about our Cis Benchmark Audit For Google Android.