阿里云漏洞库

Google Chrome是由Google开发的一款Web浏览工具。

Google Chrome 52.0.2743.82之前版本content/renderer/history_control未正确限制JavaScript forward方法的多种使用存在安全漏洞，允许远程攻击者利用该漏洞进行恶意网站URL欺骗。

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

参考链接
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
http://rhn.redhat.com/errata/RHSA-2016-1485.html
http://www.debian.org/security/2016/dsa-3637
http://www.securityfocus.com/bid/92053
http://www.securitytracker.com/id/1036428
http://www.ubuntu.com/usn/USN-3041-1
https://bugs.chromium.org/p/chromium/issues/detail?id=626838
https://codereview.chromium.org/2134493002/
https://codereview.chromium.org/2144823002
https://crbug.com/623319
https://security.gentoo.org/glsa/201610-09

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	google	chrome	*		Up to (including) 51.0.2704.106
	运行在以下环境
	系统	debian	DPKG	*		Up to (excluding) 52.0.2743.82-1
	运行在以下环境
	系统	opensuse_13.1	chromium-ffmpegsumo-debuginfo	*		Up to (excluding) 52.0.2743.82-150.1
	运行在以下环境
	系统	opensuse_13.2	chromium-desktop-gnome	*		Up to (excluding) 52.0.2743.82-111.1
	运行在以下环境
	系统	opensuse_Leap_42.1	chromium-ffmpegsumo	*		Up to (excluding) 52.0.2743.82-89.1
	运行在以下环境
	系统	ubuntu_14.04	chromium-browser	*		Up to (excluding) 1.16.5-0ubuntu0.14.04.1
	运行在以下环境
	系统	ubuntu_14.04.6_lts	chromium-browser	*		Up to (excluding) 52.0.2743.116-0ubuntu0.14.04.1.1134
	运行在以下环境
	系统	ubuntu_16.04	chromium-browser	*		Up to (excluding) 1.16.5-0ubuntu0.16.04.1
	运行在以下环境
	系统	ubuntu_16.04.7_lts	chromium-browser	*		Up to (excluding) 52.0.2743.116-0ubuntu0.16.04.1.1250

CWE-ID	漏洞类型
CWE-284	访问控制不恰当