Looks like the Chrome cve is CVE-2016-5163 and is fixed in chrome 53.0.2785.89.
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5163 ** Summary changed: - Security - CVE-2016-5267 - not fixed + Security - CVE-2016-5163 - not fixed ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5267 ** Changed in: chromium-browser (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1619911 Title: Security - CVE-2016-5163 - not fixed Status in chromium-browser package in Ubuntu: Confirmed Bug description: chromium-broswer # apt-cache policy chromium-browser chromium-browser: Installed: 37.0.2062.120-0ubuntu0.12.04.3 Candidate: 37.0.2062.120-0ubuntu0.12.04.3 Version table: *** 37.0.2062.120-0ubuntu0.12.04.3 0 500 http://ru.archive.ubuntu.com/ubuntu/ precise-updates/universe amd64 Packages 500 http://security.ubuntu.com/ubuntu/ precise-security/universe amd64 Packages 100 /var/lib/dpkg/status 18.0.1025.151~r130497-0ubuntu1 0 500 http://ru.archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages affected by http://www.rafayhackingarticles.net/2016/08/google-chrome- firefox-address-bar.html i.e. if I go to URL http://127.0.0.1/%EF%B9%B0/http://google.com/test I see "google.com" domain in address bar To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1619911/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
