Medium severity4.3NVD Advisory· Published Apr 18, 2016· Updated May 6, 2026

CVE-2016-1658

Description

The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.

Affected products

Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <=49.0.2623.112
Novell/Suse Package Hub For Suse Linux Enterprise
cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
OpenSUSE/Leap
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.htmlnvd
rhn.redhat.com/errata/RHSA-2016-0638.htmlnvd
www.debian.org/security/2016/dsa-3549nvd
codereview.chromium.org/1658913002nvd
crbug.com/573317nvd
security.gentoo.org/glsa/201605-02nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000