Arch Linux ASA-201609-1
Sep 01, 2016 - 12:00 a.m.

chromium: multiple issues

2016-09-01 00:00:00
Arch Linux
lists.archlinux.org

CVSS3: 8.8 High

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

  CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

  AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.032 Low (Percentile: 90.1%)

  • CVE-2016-5147 CVE-2016-5148 (cross-site scripting)

Universal XSS in Blink.

  • CVE-2016-5149 (script injection)

Script injection in extensions.

  • CVE-2016-5150 (arbitrary code execution)

Use after free in Blink.

  • CVE-2016-5151 (arbitrary code execution)

Use after free in PDFium.

  • CVE-2016-5152 CVE-2016-5154 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159
    (arbitrary code execution)

Heap overflow in PDFium.

  • CVE-2016-5153 (arbitrary code execution)

Use after destruction in Blink.

  • CVE-2016-5155 CVE-2016-5163 (address bar spoofing)

Address bar spoofing.

  • CVE-2016-5156 (arbitrary code execution)

Use after free in event bindings.

  • CVE-2016-5160 CVE-2016-5162 (access restriction bypass)

Extensions web accessible resources bypass.

  • CVE-2016-5161 (arbitrary code execution)

Type confusion in Blink.

  • CVE-2016-5164 (address bar spoofing)

Universal XSS using DevTools.

  • CVE-2016-5165 (script injection)

Script injection in DevTools.

  • CVE-2016-5166 (smb relay attack)

SMB Relay Attack via Save Page As.

  • CVE-2016-5167 (arbitrary code execution)

Various fixes from internal audits, fuzzing and other initiatives.

OS    Version   Architecture   Package    Version             Filename
any   any       any            chromium   < 53.0.2785.89-1    UNKNOWN
