CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.016 Low
Percentile: 86.1%

Buffer overflow vulnerabilities in the functions png_get_PLTE and
png_set_PLTE allow remote attackers to cause a denial of service in the
application or have unspecified other impact. These functions failed to
check for an out-of-range palette when reading or writing PNG files with
a bit_depth less than 8. Some applications might read the bit depth from
the IHDR chunk and allocate memory for a 2^N entry palette, while libpng
can return a palette with up to 256 entries even when the bit depth is
less than 8.
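
A pre-parse check for the condition described above, as an added example (not code from libpng or from this advisory): it reads the IHDR bit depth and the PLTE entry count directly from the chunk stream and flags a palette with more than 2^bit_depth entries when the bit depth is below 8. The function names and the sample PNG bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def iter_chunks(png: bytes):
    """Yield (type, data) for each chunk; CRCs are skipped, not verified."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG stream")
    pos = len(PNG_SIG)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        if len(data) != length:
            raise ValueError("truncated chunk")
        yield ctype, data
        pos += 12 + length

def check_palette(png: bytes) -> str:
    """Return 'ok', 'no-palette' or 'oversized-palette' for a PNG byte string."""
    bit_depth = None
    for ctype, data in iter_chunks(png):
        if ctype == b"IHDR":
            if len(data) != 13:
                raise ValueError("malformed IHDR")
            bit_depth = data[8]          # byte 8 of IHDR is the bit depth
        elif ctype == b"PLTE":
            if bit_depth is None or len(data) % 3:
                raise ValueError("PLTE before IHDR or not a multiple of 3 bytes")
            entries = len(data) // 3     # one RGB triple per palette entry
            # The case from the description: a caller that sized its buffer
            # as 2^bit_depth entries would be handed more than that.
            if bit_depth < 8 and entries > (1 << bit_depth):
                return "oversized-palette"
            return "ok"
    return "no-palette"

def make_sample(bit_depth: int, entries: int) -> bytes:
    """Constructed test input: 1x1 palette image header, PLTE, IEND (no IDAT)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, bit_depth, 3, 0, 0, 0)
    return (PNG_SIG + chunk(b"IHDR", ihdr)
            + chunk(b"PLTE", bytes(3 * entries)) + chunk(b"IEND", b""))

if __name__ == "__main__":
    for depth, n in [(2, 4), (2, 256), (8, 256)]:
        print(depth, n, check_palette(make_sample(depth, n)))
```
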
Same-origin bypass in Blink. Credit to Mariusz Mlynski.
Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
Bad cast in Extensions.
Use-after-free in Blink. Credit to cloudfuzzer.
Use-after-free in Blink. Credit to Rob Wu.
SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan.
Information Leak in Skia. Credit to Keve Nagy.
WebAPI Bypass. Credit to Rob Wu.
Use-after-free in WebRTC. Credit to Khalil Zhani.
Origin confusion in Extensions UI. Credit to Luan Herrera.
Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.
Various fixes from internal audits, fuzzing and other initiatives.
googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html
access.redhat.com/security/cve/CVE-2015-8126
access.redhat.com/security/cve/CVE-2016-1630
access.redhat.com/security/cve/CVE-2016-1631
access.redhat.com/security/cve/CVE-2016-1632
access.redhat.com/security/cve/CVE-2016-1633
access.redhat.com/security/cve/CVE-2016-1634
access.redhat.com/security/cve/CVE-2016-1635
access.redhat.com/security/cve/CVE-2016-1636
access.redhat.com/security/cve/CVE-2016-1637
access.redhat.com/security/cve/CVE-2016-1638
access.redhat.com/security/cve/CVE-2016-1639
access.redhat.com/security/cve/CVE-2016-1640
access.redhat.com/security/cve/CVE-2016-1641
access.redhat.com/security/cve/CVE-2016-1642