chromium -- multiple vulnerabilities

ID C039A761-2C29-11E6-8912-3065EC8FD3EC
Type freebsd
Reporter FreeBSD
Modified 2016-06-01T00:00:00


Google Chrome Releases reports:

15 security fixes in this release, including:

601073] High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. [613266] High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. [603725] Medium CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu. [607939] Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal. [608104] Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu. [608101] Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu. [609260] Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer. [616539] CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives.