Google Chrome PAC function Information Leakage Vulnerability (CVE-2016-5134)
Google Chrome PAC function Information Leakage Vulnerability (CVE-2016-5134)
Release date:
Updated on:
Affected Systems:
Google Chrome <52.0.2743.82
Description:
CVE (CAN) ID: CVE-2016-5134
Google Chrome is a Web browser tool developed by Google.
In versions earlier than Google Chrome <52.0.2743.82, the PAC function net/proxy/proxy_service.cc does not ensure that URL information is limited to a specific scheme, host, and port. Remote attackers can use the PAC script to operate the server and obtain the credential information.
<* Source: Google
*>
Suggestion:
Vendor patch:
Google
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://crbug.com/593759
Https://codereview.chromium.org/1996773002
Http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
This article permanently updates the link address: