| Revision Date: | 2016-10-14 | Version: | 25 |
| Title: | Script injection in extensions - CVE-2016-5149 |
| Description: | The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2016-5149
|
| Platform(s): | Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
| Product(s): | Google Chrome
|
| Definition Synopsis |
| Google Chrome is installed AND Check if Google Chrome version less than 53.0.2785.89
|