CVE-2016-1631
Description
A nested message loop flaw in Chrome's Pepper (PPAPI) Flash message-loop implementation before 49.0.2623.75 allows remote attackers to bypass the Same Origin Policy via a crafted website.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc, the renderer-side implementation of the PPB_Flash_MessageLoop interface that lets the Pepper Flash plugin run a nested message loop while it waits on a synchronous operation. InternalRun mishandles that nested loop, so a crafted website can cause work from another origin to be processed while the loop is active, which yields a Same Origin Policy bypass. Affected versions are Google Chrome before 49.0.2623.75 [1][2].
Exploitation
An attacker needs to lure a user into visiting a specially crafted website; because the affected interface is one the Flash plugin calls, the victim's Chrome must have Pepper Flash available. From that page the attacker drives the nested message loop handling to bypass the Same Origin Policy and reach cross-origin resources. No authentication or special network position is required beyond serving the malicious site [1].
Impact
Successful exploitation allows the attacker's page to read content that belongs to other origins, i.e. information disclosure across sites the victim is logged in to, within the browser's security context. The description and advisories characterize the issue as a Same Origin Policy bypass only; no memory corruption or code execution is claimed [1][3].
Mitigation
The fix was implemented in Chromium commit dd77c2a41c72589d929db0592565125ca629fb2c and released in Chrome 49.0.2623.75 [2]. Users should update to Chrome 49.0.2623.75 or later. For Ubuntu, the update is available in USN-2920-1 [1]. Gentoo users should upgrade to >=www-client/chromium-49.0.2623.87 [3]. No workaround is known.
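As an added example (not part of this CVE record or of Chromium), the following Python script turns the "update to 49.0.2623.75 or later" advice into a check that can be run on a fleet. It parses the version string Chrome prints and compares it component by component as integers; a naive string comparison would wrongly rank 49.0.2623.112 below 49.0.2623.75. The binary names tried and the `--version` output format are assumptions, and the sample strings in the tests are constructed.

```python
import re
import subprocess
from typing import Optional, Tuple

# Build that shipped the fix, per the Chrome 49 stable release (Mitigation above).
FIXED_VERSION = "49.0.2623.75"
# Gentoo's threshold from GLSA 201603-09, for distributions that patched later.
GENTOO_FIXED_VERSION = "49.0.2623.87"

# Assumed binary names; adjust for your platform.
CHROME_BINARIES = ("google-chrome", "google-chrome-stable",
                   "chromium", "chromium-browser")


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract a dotted numeric version from strings such as
    'Google Chrome 49.0.2623.75' or 'Chromium 48.0.2564.116 Built on Ubuntu'.
    Returns a tuple of ints so that comparison is numeric per component."""
    m = re.search(r"(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(reported: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the reported build is older than the build that shipped the fix.
    Shorter versions are zero-padded, so '49.0' compares as 49.0.0.0."""
    have = parse_version(reported)
    want = parse_version(fixed)
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have < want


def installed_chrome_version(binaries=CHROME_BINARIES) -> Optional[str]:
    """Return the '--version' output of the first Chrome/Chromium binary found,
    or None if none is on PATH. Assumes the binary prints its version to stdout."""
    for binary in binaries:
        try:
            out = subprocess.run([binary, "--version"], capture_output=True,
                                 text=True, timeout=10, check=False)
        except (FileNotFoundError, subprocess.TimeoutExpired):
            continue
        if out.returncode == 0 and out.stdout.strip():
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    reported = installed_chrome_version()
    if reported is None:
        print("no Chrome/Chromium binary found on PATH")
    else:
        state = "VULNERABLE" if is_vulnerable(reported) else "patched"
        print(f"{reported}: {state} for CVE-2016-1631 (fixed in {FIXED_VERSION})")
```

Pass `fixed=GENTOO_FIXED_VERSION` to `is_vulnerable` when checking a Gentoo host against the GLSA threshold rather than the upstream one.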
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3 affected products recorded.
Patches
No patches discovered yet.
References
- googlechromereleases.blogspot.com/2016/03/stable-channel-update.html
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html
- lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html
- www.debian.org/security/2016/dsa-3507
- www.securityfocus.com/bid/84008
- www.securitytracker.com/id/1035185
- www.ubuntu.com/usn/USN-2920-1
- code.google.com/p/chromium/issues/detail
- codereview.chromium.org/1559113002/
- security.gentoo.org/glsa/201603-09
News mentions
No linked articles in our index yet.