CVE-2016-1652 was discovered in Google Chrome prior to version 65.0.1724.95. A maliciously crafted HTML document could cause the Host Security Autentication algorithm to incorrectly identify the origin of the request leading to a situation where the browser would incorrectly trust data from the page, allowing for an attacker to perform a cross-site scripting (XSS) attack.

CVE-2016-1653 was discovered in Google Chrome prior to version 65.0.1724.95. A specially crafted HTML document could potentially cause a remote attacker to incorrectly track the history of the user’s interactions with the Web site, potentially allowing for the hijacking of any actions taken.

CVE-2016-1654 was discovered in Google Chrome prior to version 65.0.1724.90. A maliciously crafted HTML document could cause the browser to load remote content into the foreground tab, potentially allowing for the execution of arbitrary code.

CVE-2016-1655 was discovered in Google Chrome prior to version 65.0.1724.85. A maliciously crafted HTML document could cause the browser to run JavaScript code with elevated privileges, potentially allowing for an attacker to execute arbitrary code.

CVE-2016-1656 was discovered in Google Chrome prior to version 65.0.1724.76. A maliciously crafted HTML document could potentially cause the browser to access data from a different origin, allowing for an attacker to potentially exploit cross

Google Chrome prior to version 66.0.3359.10

The following issues were addressed in Google Chrome 66.0.3359.10:

CVE-2016-1652 was discovered in Google Chrome prior to version 65.0.1724.95. A maliciously crafted HTML document could cause the Host Security Autentication algorithm to incorrectly identify the origin of the request leading to a situation where the browser would incorrectly trust data from the page, allowing for an attacker to perform a cross-site scripting (XSS) attack.
CVE-2016-1653 was discovered in Google Chrome prior to version 65.0.1724.95. A specially crafted HTML document could potentially cause a remote attacker to incorrectly track the history of the user’s interactions with the Web site, potentially allowing for the hijacking of any actions taken.
CVE-2016-1654 was discovered in Google Chrome prior to version 65.0.1724.90. A maliciously crafted HTML document could cause the browser to load remote content into the foreground tab, potentially allowing for the execution of arbitrary code.

Vulnerability overview:

At the time of writing, there are 9 vulnerabilities reported with CVE-2016-1652, 3 vulnerabilities reported with CVE-2016-1653, 4 vulnerabilities reported with CVE-2016-1654, 2 vulnerabilities reported with CVE-2016-1655, and 2 vulnerabilities reported with CVE-2016-1656.

Newer versions of Google Chrome (64.0+) have already patched these vulnerabilities.

It is highly recommended that you upgrade your browser to the latest version.

Security Risk:

What Are the Risks?
If your website is not secured, you may be vulnerable to a number of different risks. Some of these include:
- Insecure websites are more likely to be attacked and compromised by hackers, who can steal personal data or perform other malicious activities
- Unsecured websites are more likely to have malware infections, which can cause your computer to crash
- Unsecured websites are more likely to have personal information stolen and used for marketing purposes

Impact of Vulnerability:

The vulnerability could potentially allow an attacker to perform a cross-site scripting (XSS) attack.
The vulnerability could potentially allow for the hijacking of any actions taken by the user on the browser.
With these vulnerabilities, an XSS attack would be possible. An attacker could exploit these vulnerabilities to spoof content from a trusted website, and then execute malicious code in the context of that website, allowing for the hijacking of any actions taken by the user on that site.

Timeline

Published on: 07/26/2022 22:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC

References