CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-03-07 16:30:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2016/CVE-2016-5160.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

950 B
Raw Permalink Blame History

CVE-2016-5160

Description

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink