9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.032 Low
EPSS
Percentile
90.1%
Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working
with HP’s Zero Day Initiative.
Universal XSS in extension bindings. Credit to anonymous.
Out-of-bounds write in V8. Credit to Choongwoo Han.
Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
Use-after-free related to extensions. Credit to Rob Wu.
Address bar spoofing. Credit to Luan Herrera.
Potential leak of sensitive information to malicious extensions. Credit
to Antonio Sanso (@asanso) of Adobe.
Various fixes from internal audits, fuzzing and other initiatives.
googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html
access.redhat.com/security/cve/CVE-2016-1651
access.redhat.com/security/cve/CVE-2016-1652
access.redhat.com/security/cve/CVE-2016-1653
access.redhat.com/security/cve/CVE-2016-1654
access.redhat.com/security/cve/CVE-2016-1655
access.redhat.com/security/cve/CVE-2016-1657
access.redhat.com/security/cve/CVE-2016-1658
access.redhat.com/security/cve/CVE-2016-1659
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.032 Low
EPSS
Percentile
90.1%