UBUNTU-CVE-2016-5160

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-5160

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-5160.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-5160

Upstream

CVE-2016-5160

Published

2016-09-11T10:59:00Z

Modified

2025-09-08T16:43:46Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.

References

Affected packages

Ubuntu:14.04:LTS / chromium-browser

Package

Name: chromium-browser
Purl: pkg:deb/ubuntu/chromium-browser@53.0.2785.143-0ubuntu0.14.04.1.1142?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

53.0.2785.143-0ubuntu0.14.04.1.1142

Affected versions

29.*

29.0.1547.65-0ubuntu2

31.*

31.0.1650.63-0ubuntu1~20131204.1

32.*

32.0.1700.107-0ubuntu1~20140204.977.1

33.*

33.0.1750.152-0ubuntu1~pkg995.1

34.*

34.0.1847.116-0ubuntu2

36.*

36.0.1985.125-0ubuntu1.14.04.0~pkg1029

37.*

37.0.2062.94-0ubuntu0.14.04.1~pkg1042

37.0.2062.120-0ubuntu0.14.04.1~pkg1049

38.*

38.0.2125.111-0ubuntu0.14.04.1.1061

39.*

39.0.2171.65-0ubuntu0.14.04.1.1064

40.*

40.0.2214.94-0ubuntu0.14.04.1.1068

40.0.2214.111-0ubuntu0.14.04.1.1069

41.*

41.0.2272.76-0ubuntu0.14.04.1.1076

43.*

43.0.2357.81-0ubuntu0.14.04.1.1089

43.0.2357.130-0ubuntu0.14.04.1.1092

44.*

44.0.2403.89-0ubuntu0.14.04.1.1095

45.*

45.0.2454.85-0ubuntu0.14.04.1.1097

45.0.2454.101-0ubuntu0.14.04.1.1099

47.*

47.0.2526.73-0ubuntu0.14.04.1.1106

47.0.2526.106-0ubuntu0.14.04.1.1107

48.*

48.0.2564.82-0ubuntu0.14.04.1.1108

48.0.2564.116-0ubuntu0.14.04.1.1111

49.*

49.0.2623.87-0ubuntu0.14.04.1.1112

49.0.2623.108-0ubuntu0.14.04.1.1113

50.*

50.0.2661.102-0ubuntu0.14.04.1.1117

51.*

51.0.2704.79-0ubuntu0.14.04.1.1121

52.*

52.0.2743.116-0ubuntu0.14.04.1.1134

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "chromium-browser",
            "binary_version": "53.0.2785.143-0ubuntu0.14.04.1.1142"
        },
        {
            "binary_name": "chromium-browser-l10n",
            "binary_version": "53.0.2785.143-0ubuntu0.14.04.1.1142"
        },
        {
            "binary_name": "chromium-chromedriver",
            "binary_version": "53.0.2785.143-0ubuntu0.14.04.1.1142"
        },
        {
            "binary_name": "chromium-codecs-ffmpeg",
            "binary_version": "53.0.2785.143-0ubuntu0.14.04.1.1142"
        },
        {
            "binary_name": "chromium-codecs-ffmpeg-extra",
            "binary_version": "53.0.2785.143-0ubuntu0.14.04.1.1142"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-5160.json"

Ubuntu:16.04:LTS / chromium-browser

Package

Name: chromium-browser
Purl: pkg:deb/ubuntu/chromium-browser@53.0.2785.143-0ubuntu0.16.04.1.1254?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

53.0.2785.143-0ubuntu0.16.04.1.1254

Affected versions

45.*

45.0.2454.101-0ubuntu1.1201

47.*

47.0.2526.73-0ubuntu1.1218

47.0.2526.106-0ubuntu1.1221

48.*

48.0.2564.82-0ubuntu1.1222

48.0.2564.116-0ubuntu1.1229

49.*

49.0.2623.87-0ubuntu1.1232

49.0.2623.108-0ubuntu1.1233

50.*

50.0.2661.102-0ubuntu0.16.04.1.1237

51.*

51.0.2704.79-0ubuntu0.16.04.1.1242

52.*

52.0.2743.116-0ubuntu0.16.04.1.1250

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "chromium-browser",
            "binary_version": "53.0.2785.143-0ubuntu0.16.04.1.1254"
        },
        {
            "binary_name": "chromium-browser-l10n",
            "binary_version": "53.0.2785.143-0ubuntu0.16.04.1.1254"
        },
        {
            "binary_name": "chromium-chromedriver",
            "binary_version": "53.0.2785.143-0ubuntu0.16.04.1.1254"
        },
        {
            "binary_name": "chromium-codecs-ffmpeg",
            "binary_version": "53.0.2785.143-0ubuntu0.16.04.1.1254"
        },
        {
            "binary_name": "chromium-codecs-ffmpeg-extra",
            "binary_version": "53.0.2785.143-0ubuntu0.16.04.1.1254"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-5160.json"