CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.236 Low
Percentile: 96.5%
Severity: Critical
Date : 2016-12-03
CVE-ID : CVE-2016-5203 CVE-2016-5204 CVE-2016-5205 CVE-2016-5206
CVE-2016-5207 CVE-2016-5208 CVE-2016-5209 CVE-2016-5210
CVE-2016-5211 CVE-2016-5212 CVE-2016-5213 CVE-2016-5214
CVE-2016-5215 CVE-2016-5216 CVE-2016-5217 CVE-2016-5218
CVE-2016-5219 CVE-2016-5220 CVE-2016-5221 CVE-2016-5222
CVE-2016-5223 CVE-2016-5224 CVE-2016-5225 CVE-2016-5226
CVE-2016-9650 CVE-2016-9651 CVE-2016-9652
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package chromium before version 55.0.2883.75-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, arbitrary filesystem access, cross-site scripting, same-origin
policy bypass, content spoofing, insufficient validation and
information disclosure.
Upgrade to 55.0.2883.75-1.
The problems have been fixed upstream in version 55.0.2883.75.
None.
A use-after-free flaw was found in the PDFium component of the
Chromium browser.
A universal XSS flaw was found in the Blink component of the Chromium
browser.
A universal XSS flaw was found in the Blink component of the Chromium
browser.
A same-origin bypass flaw was found in the PDFium component of the
Chromium browser.
A universal XSS flaw was found in the Blink component of the Chromium
browser.
A universal XSS flaw was found in the Blink component of the Chromium
browser.
An out of bounds write flaw was found in the Blink component of the
Chromium browser.
An out of bounds write flaw was found in the PDFium component of the
Chromium browser.
A use-after-free flaw was found in the PDFium component of the
Chromium browser.
A local file disclosure flaw was found in the DevTools component of the
Chromium browser.
A use-after-free flaw was found in the V8 component of the Chromium
browser.
A file download protection bypass was discovered in the Chromium
browser.
A use-after-free flaw was found in the Webaudio component of the
Chromium browser.
A use-after-free flaw was found in the PDFium component of the
Chromium browser.
A use of unvalidated data flaw was found in the PDFium component of
the Chromium browser.
An address spoofing flaw was found in the Omnibox component of the
Chromium browser.
A use-after-free flaw was found in the V8 component of the Chromium
browser.
A local file access flaw was found in the PDFium component of the
Chromium browser.
An integer overflow flaw was found in the ANGLE component of the
Chromium browser.
An address spoofing flaw was found in the Omnibox component of the
Chromium browser.
An integer overflow flaw was found in the PDFium component of the
Chromium browser.
A same-origin bypass flaw was found in the SVG component of the
Chromium browser.
A CSP bypass flaw was found in the Blink component of the Chromium
browser.
A limited XSS flaw was found in the Blink component of the Chromium
browser.
A CSP referrer disclosure vulnerability has been discovered in the
Chromium browser.
A private property access flaw was found in the V8 component of the
Chromium browser.
Various fixes from internal audits, fuzzing and other initiatives.
A remote attacker can bypass various restrictions, access sensitive
information, spoof certain content or execute arbitrary code on the
affected host.
https://googlechromereleases.blogspot.fr/2016/12/stable-channel-update-for-desktop.html
https://access.redhat.com/security/cve/CVE-2016-5203
https://access.redhat.com/security/cve/CVE-2016-5204
https://access.redhat.com/security/cve/CVE-2016-5205
https://access.redhat.com/security/cve/CVE-2016-5206
https://access.redhat.com/security/cve/CVE-2016-5207
https://access.redhat.com/security/cve/CVE-2016-5208
https://access.redhat.com/security/cve/CVE-2016-5209
https://access.redhat.com/security/cve/CVE-2016-5210
https://access.redhat.com/security/cve/CVE-2016-5211
https://access.redhat.com/security/cve/CVE-2016-5212
https://access.redhat.com/security/cve/CVE-2016-5213
https://access.redhat.com/security/cve/CVE-2016-5214
https://access.redhat.com/security/cve/CVE-2016-5215
https://access.redhat.com/security/cve/CVE-2016-5216
https://access.redhat.com/security/cve/CVE-2016-5217
https://access.redhat.com/security/cve/CVE-2016-5218
https://access.redhat.com/security/cve/CVE-2016-5219
https://access.redhat.com/security/cve/CVE-2016-5220
https://access.redhat.com/security/cve/CVE-2016-5221
https://access.redhat.com/security/cve/CVE-2016-5222
https://access.redhat.com/security/cve/CVE-2016-5223
https://access.redhat.com/security/cve/CVE-2016-5224
https://access.redhat.com/security/cve/CVE-2016-5225
https://access.redhat.com/security/cve/CVE-2016-5226
https://access.redhat.com/security/cve/CVE-2016-9650
https://access.redhat.com/security/cve/CVE-2016-9651
https://access.redhat.com/security/cve/CVE-2016-9652