Arch Linux ASA-201604-10
Apr 17, 2016 - 12:00 a.m.

chromium: multiple issues

2016-04-17 00:00:00
Arch Linux
lists.archlinux.org

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.032 Low
Percentile: 90.1%

  • CVE-2016-1651:

Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working
with HP’s Zero Day Initiative.

  • CVE-2016-1652:

Universal XSS in extension bindings. Credit to anonymous.

  • CVE-2016-1653:

Out-of-bounds write in V8. Credit to Choongwoo Han.

  • CVE-2016-1654:

Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.

  • CVE-2016-1655:

Use-after-free related to extensions. Credit to Rob Wu.

  • CVE-2016-1657:

Address bar spoofing. Credit to Luan Herrera.

  • CVE-2016-1658:

Potential leak of sensitive information to malicious extensions. Credit
to Antonio Sanso (@asanso) of Adobe.

  • CVE-2016-1659:

Various fixes from internal audits, fuzzing and other initiatives.

OS   Version  Architecture  Package   Version           Filename
any  any      any           chromium  < 50.0.2661.75-1  UNKNOWN
