Skip to main content

DEPRECATED: Code

CVE-2016-1640

Severity Medium
Score 4.3/10

Summary

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • NONE

CWE-17 - DEPRECATED: Code

This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

References

Advisory Timeline

  • Published