High severity8.8NVD Advisory· Published Jul 23, 2016· Updated May 6, 2026
CVE-2016-5132
CVE-2016-5132
Description
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- googlechromereleases.blogspot.com/2016/07/stable-channel-update.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-1485.htmlnvd
- www.debian.org/security/2016/dsa-3637nvd
- www.securityfocus.com/bid/92053nvd
- www.securitytracker.com/id/1036428nvd
- www.ubuntu.com/usn/USN-3041-1nvd
- codereview.chromium.org/2009453002nvd
- codereview.chromium.org/2061203002/nvd
- codereview.chromium.org/2071433003nvd
- codereview.chromium.org/2082493002/nvd
- codereview.chromium.org/2085923002nvd
- crbug.com/607543nvd
- security.gentoo.org/glsa/201610-09nvd
News mentions
0No linked articles in our index yet.