CVE-2016-5196

Summary

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.

Affected Software

VendorProductVersion RangeStatus
n/aGoogle Chrome prior to 54.0.2840.85 for AndroidGoogle Chrome prior to 54.0.2840.85 for Androidaffected

Weaknesses

  • insufficient policy enforcement

ADP Enrichment

CVE Program Container

Additional References

References