CVE-2016-5124 When WebExtensions are installed on Google Chrome prior to 103.0.5060.135, they can overwrite the extension's search path value, allowing attackers to inject malicious extensions into the context via a crafted extension. An attacker who convinced a user to install a malicious extension could leverage this to potentially execute code with the privileges of the extension's process via user interaction.

CVE-2016-5125 When WebExtensions are installed on Google Chrome prior to 103.0.5060.135, they can be installed to a location that can be accessed by the user, which can allow attackers to inject malicious extensions into the context via a crafted extension. An attacker who convinced a user to install a malicious extension could leverage this to potentially execute code with the privileges of the extension's process via user interaction.

CVE-2016-5126 When WebExtensions are installed on Google Chrome prior to 103.0.5060.135, they can be installed to a location that can be accessed by the user, which can allow attackers to inject malicious extensions into the context via a crafted extension. An attacker who convinced a user to install a malicious extension could leverage this to potentially execute code with the privileges of the extension's process via user interaction.

CVE-2016-5127 When WebExtensions are installed on Google Chrome prior to 103.0.5060.135, they can be installed to a location that can be accessed by the user

FAQ

Q: What is WebExtensions?
A: WebExtensions are a set of APIs that allow developers to build browser extensions for the web. They were introduced in Google Chrome version 57 in 2016.

^~\What is the Google Chrome nowiki >


Google Chrome is an open-source web browser developed by Google and deployed worldwide. The browser's user interface is based on the Blink layout engine, a fork of WebKit. Chrome includes an ad-blocker, as of 2017, it had been downloaded more than 650 million times. As of April 2019, Chrome had about 63% market share across platforms.

Timeline

Published on: 07/28/2022 02:15:00 UTC
Last modified on: 08/30/2022 13:01:00 UTC

References