9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.021 Low
EPSS
Percentile
88.0%
Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG.
Memory corruption in cross-process frames. Credit to Wadih Matar.
Use-after-free in extensions. Credit to Rob Wu.
Use-after-free in Blink’s V8 bindings. Credit to anonymous.
Address bar spoofing. Credit to Wadih Matar.
Information leak in V8. Credit to HyungSeok Han.
Various fixes from internal audits, fuzzing and other initiatives.
googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html
access.redhat.com/security/cve/CVE-2016-1660
access.redhat.com/security/cve/CVE-2016-1661
access.redhat.com/security/cve/CVE-2016-1662
access.redhat.com/security/cve/CVE-2016-1663
access.redhat.com/security/cve/CVE-2016-1664
access.redhat.com/security/cve/CVE-2016-1665
access.redhat.com/security/cve/CVE-2016-1666
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.021 Low
EPSS
Percentile
88.0%