CVE-2016-1706

Published: 23/07/2016 Updated: 01/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The PPAPI implementation in Google Chrome prior to 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote malicious users to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.

Vendor Advisories

Several security issues were fixed in Oxide ...
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2016-1704: The chrome development team found and fixed various issues during internal auditing.
CVE-2016-1705: The chrome development team found and fixed various issues during internal auditing.
CVE-2016-1706: Pinkie Pie discovered a way to escape the P ...

Github Repositories

A Collection of Chrome Sandbox Escape POCs/Exploits for learning

Case Study of Chrome Sandbox Escape
Permission Allowed Issues

Issue | Type | Summary | Label | Reporter | Links
crbug-1062091 | MojoJS POC | UAF in InstalledAppProviderImpl | M-81, reward-25000 | Tim Becker | Theori Blog
crbug-1055393 | HTML POC | UAF in Accessibility | M-81, M-82, reward-20000 | Pawel Wylecial | RedTeam Blog
crbug

Recent Articles

Google Fixes 48 Bugs, Sandbox Escape, in Chrome
Threatpost • Tom Spring • 21 Jul 2016

Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.
That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday.
Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 in rewards to researchers who reported vulnerabilities to the company. Payment on an additional 11 bugs found by bug bounty hunters is pending, Google said.
Among the other serious vulne...

Google Chrome 52.0.2743.82 released with 48 Security Fixes
BleepingComputer • Lawrence Abrams • 20 Jul 2016

Version 52.0.2743.82 of Google Chrome was released today that contains 48 security fixes. Of those 48 fixes, 17 were highlighted as coming from external sources and being eligible for a bounty for their disclosure.

Of these external disclosures, $21,000 was paid in bounties, with the amount for the other 11 disclosures still being determined. The highest bounty was paid to Pinkie Pie, the well-known Chrome hacker who won Google’s Pwnium competition in 2012, for discoveri...