8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.072 Low
EPSS
Percentile
93.3%
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8 does not
ensure receiver compatibility before performing a cast of an unspecified
variable, which allows remote attackers to cause a denial of service or
possibly have unknown other impact via crafted JavaScript code. Credit
to cloudfuzzer.
Multiple use-after-free vulnerabilities in the formfiller implementation
in PDFium allow remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted PDF document,
related to improper tracking of the destruction of (1) IPWL_FocusHandler
and (2) IPWL_Provider objects.
The UnacceleratedImageBufferSurface class in
WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in
Blink mishandles the initialization mode, which allows remote attackers
to obtain sensitive information from process memory via a crafted web
site. Credit to Christoph Diehl.
The Omnibox implementation allows remote attackers to spoof a document’s
origin via unspecified vectors. Credit to Ron Masas.
The CustomButton::AcceleratorPressed function in
ui/views/controls/button/custom_button.cc allows remote attackers to
spoof URLs via vectors involving an unfocused custom button. Credit to
Luan Herrera.
The CSPSource::schemeMatches function in
WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security
Policy (CSP) implementation in Blink does not apply http policies to
https URLs and does not apply ws policies to wss URLs, which makes it
easier for remote attackers to determine whether a specific HSTS web
site has been visited by reading a CSP report. Credit to Yan Zhu.
Blink does not ensure that a proper cryptographicallyRandomValues random
number generator is used, which makes it easier for remote attackers to
defeat cryptographic protection mechanisms via unspecified vectors.
Credit to Aaron Toponce.
Multiple integer overflows in the sycc422_to_rgb and sycc444_to_rgb
functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium allow remote
attackers to cause a denial of service (out-of-bounds read) or possibly
have unspecified other impact via a crafted PDF document. Credit to Keve
Nagy.
Various fixes from internal audits, fuzzing and other initiatives.
googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html
access.redhat.com/security/cve/CVE-2016-1612
access.redhat.com/security/cve/CVE-2016-1613
access.redhat.com/security/cve/CVE-2016-1614
access.redhat.com/security/cve/CVE-2016-1615
access.redhat.com/security/cve/CVE-2016-1616
access.redhat.com/security/cve/CVE-2016-1617
access.redhat.com/security/cve/CVE-2016-1618
access.redhat.com/security/cve/CVE-2016-1619
access.redhat.com/security/cve/CVE-2016-1620
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.072 Low
EPSS
Percentile
93.3%