CVE-2016-5128

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-5128
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5128.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-5128
Related
Published
2016-07-23T19:59:10Z
Modified
2024-10-12T02:05:18.629092Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

References

Affected packages

Git / github.com/v8/v8

Affected ranges

Type
GIT
Repo
https://github.com/v8/v8
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

3.*

3.21.18
3.26.30
3.28.33
3.28.34
3.28.36
3.28.37
3.28.39
3.28.40
3.28.41
3.28.42
3.28.44
3.28.46
3.28.47
3.28.49
3.28.55
3.28.56
3.28.58
3.28.61
3.28.63
3.28.66
3.28.67
3.28.68
3.28.70
3.28.72
3.29.1
3.29.12
3.29.13
3.29.15
3.29.18
3.29.19
3.29.2
3.29.21
3.29.22
3.29.26
3.29.28
3.29.3
3.29.30
3.29.31
3.29.32
3.29.33
3.29.34
3.29.36
3.29.37
3.29.39
3.29.4
3.29.42
3.29.44
3.29.45
3.29.46
3.29.47
3.29.48
3.29.49
3.29.5
3.29.51
3.29.52
3.29.54
3.29.55
3.29.56
3.29.58
3.29.6
3.29.60
3.29.61
3.29.62
3.29.63
3.29.65
3.29.67
3.29.68
3.29.69
3.29.7
3.29.71
3.29.72
3.29.73
3.29.76
3.29.77
3.29.79
3.29.8
3.29.80
3.29.85
3.29.86

5.*

5.2.360