Lucene search

K
freebsdFreeBSD6FAE9FE1-5048-11E6-8AA7-3065EC8FD3EC
HistoryJul 20, 2016 - 12:00 a.m.

chromium -- multiple vulnerabilities

2016-07-2000:00:00
vuxml.freebsd.org
18

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.106

Percentile

95.0%

Google Chrome Releases reports:

48 security fixes in this release, including:

[610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to
Pinkie Pie xisigr of Tencent’s Xuanwu Lab
[613949] High CVE-2016-1708: Use-after-free in Extensions.
Credit to Adam Varsan
[614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly.
Credit to ChenQin of Topsec Security Team
[616907] High CVE-2016-1710: Same-origin bypass in Blink.
Credit to Mariusz Mlynski
[617495] High CVE-2016-1711: Same-origin bypass in Blink.
Credit to Mariusz Mlynski
[618237] High CVE-2016-5127: Use-after-free in Blink. Credit
to cloudfuzzer
[619166] High CVE-2016-5128: Same-origin bypass in V8. Credit
to Anonymous
[620553] High CVE-2016-5129: Memory corruption in V8. Credit to
Jeonghoon Shin
[623319] High CVE-2016-5130: URL spoofing. Credit to Wadih
Matar
[623378] High CVE-2016-5131: Use-after-free in libxml. Credit
to Nick Wellnhofer
[607543] Medium CVE-2016-5132: Limited same-origin bypass in
Service Workers. Credit to Ben Kelly
[613626] Medium CVE-2016-5133: Origin confusion in proxy
authentication. Credit to Patch Eudor
[593759] Medium CVE-2016-5134: URL leakage via PAC script.
Credit to Paul Stone
[605451] Medium CVE-2016-5135: Content-Security-Policy bypass.
Credit to kingxwy
[625393] Medium CVE-2016-5136: Use after free in extensions.
Credit to Rob Wu
[625945] Medium CVE-2016-5137: History sniffing with HSTS and
CSP. Credit to Xiaoyin Liu
[629852] CVE-2016-1705: Various fixes from internal audits,
fuzzing and other initiatives.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium<Β 52.0.2743.82UNKNOWN
FreeBSDanynoarchchromium-npapi<Β 52.0.2743.82UNKNOWN
FreeBSDanynoarchchromium-pulse<Β 52.0.2743.82UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.106

Percentile

95.0%