Arch Linux ASA-201607-12
Jul 24, 2016 - 12:00 a.m.

chromium: multiple issues

2016-07-24 00:00:00
Arch Linux
lists.archlinux.org

CVSS3: 9.6 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2: 9.3 High

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.098 Low (Percentile: 94.2%)

  • CVE-2016-1705 (arbitrary code execution)

Various fixes from internal audits, fuzzing and other initiatives.

  • CVE-2016-1706 (sandbox escape)

Sandbox escape in PPAPI. Credit to Pinkie Pie.

  • CVE-2016-1708 (arbitrary code execution)

Use-after-free in Extensions. Credit to Adam Varsan.

  • CVE-2016-1709 (arbitrary code execution)

Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team.

  • CVE-2016-1710, CVE-2016-1711 (same-origin policy bypass)

Same-origin bypass in Blink. Credit to Mariusz Mlynski.

  • CVE-2016-5127 (arbitrary code execution)

Use-after-free in Blink. Credit to cloudfuzzer.

  • CVE-2016-5128 (same-origin policy bypass)

Same-origin bypass in V8.

  • CVE-2016-5129 (arbitrary code execution)

Memory corruption in V8. Credit to Jeonghoon Shin.

  • CVE-2016-5130 (URL spoofing)

URL spoofing. Credit to Wadih Matar.

  • CVE-2016-5131 (arbitrary code execution)

Use-after-free in libxml. Credit to Nick Wellnhofer.

  • CVE-2016-5132 (same-origin policy bypass)

Limited same-origin bypass in Service Workers. Credit to Ben Kelly.

  • CVE-2016-5133 (man-in-the-middle)

Origin confusion in proxy authentication. Credit to Patch Eudor.

  • CVE-2016-5134 (information leakage)

URL leakage via PAC script. Credit to Paul Stone.

  • CVE-2016-5135 (content security policy bypass)

Content-Security-Policy bypass. Credit to ShenYeYinJiu of Tencent
Security Response Center, TSRC.

  • CVE-2016-5136 (arbitrary code execution)

Use after free in extensions. Credit to Rob Wu.

  • CVE-2016-5137 (information leakage)

History sniffing with HSTS and CSP. Credit to Xiaoyin Liu.

OS    Version    Architecture    Package     Version            Filename
any   any        any             chromium    < 52.0.2743.82-1   UNKNOWN
