9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.098 Low
EPSS
Percentile
94.2%
Various fixes from internal audits, fuzzing and other initiatives.
Sandbox escape in PPAPI. Credit to Pinkie Pie.
Use-after-free in Extensions. Credit to Adam Varsan.
Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team.
Same-origin bypass in Blink. Credit to Mariusz Mlynski.
Use-after-free in Blink. Credit to cloudfuzzer.
Same-origin bypass in V8.
Memory corruption in V8. Credit to Jeonghoon Shin.
URL spoofing. Credit to Wadih Matar.
Use-after-free in libxml. Credit to Nick Wellnhofer.
Limited same-origin bypass in Service Workers. Credit to Ben Kelly.
Origin confusion in proxy authentication. Credit to Patch Eudor.
URL leakage via PAC script. Credit to Paul Stone.
Content-Security-Policy bypass. Credit to ShenYeYinJiu of Tencent
Security Response Center, TSRC.
Use after free in extensions. Credit to Rob Wu.
History sniffing with HSTS and CSP. Credit to Xiaoyin Liu.
access.redhat.com/security/cve/CVE-2016-1705
access.redhat.com/security/cve/CVE-2016-1706
access.redhat.com/security/cve/CVE-2016-1708
access.redhat.com/security/cve/CVE-2016-1709
access.redhat.com/security/cve/CVE-2016-1710
access.redhat.com/security/cve/CVE-2016-1711
access.redhat.com/security/cve/CVE-2016-5127
access.redhat.com/security/cve/CVE-2016-5128
access.redhat.com/security/cve/CVE-2016-5129
access.redhat.com/security/cve/CVE-2016-5130
access.redhat.com/security/cve/CVE-2016-5131
access.redhat.com/security/cve/CVE-2016-5132
access.redhat.com/security/cve/CVE-2016-5133
access.redhat.com/security/cve/CVE-2016-5134
access.redhat.com/security/cve/CVE-2016-5135
access.redhat.com/security/cve/CVE-2016-5136
access.redhat.com/security/cve/CVE-2016-5137
googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.098 Low
EPSS
Percentile
94.2%