The specific version of Chrome that the system is running is reportedly affected by the following vulnerabilities:
Google Chrome contains a flaw in PPAPI that is triggered when handling certain messages not sent by the browser in the plugin broker process. This may allow a context-dependent attacker to bypass the sandbox. (CVE-2016-1706)
Google Chrome for iOS contains a flaw in web/web_state/ui/crw_web_controller.mm that is triggered when handling invalid URLs. This may allow a context-dependent attacker to conduct URL spoofing attacks. (CVE-2016-1707)
Google Chrome contains a use-after-free error related to extensions that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1708)
Google sfntly contains an array indexing error in the ByteArray::Get() function in data/byte_array.cc that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (CVE-2016-1709)
Google Chrome contains a flaw in web/ChromeClientImpl.cpp that is triggered when handling creation of new windows by deferred frames. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1710)
Google Chrome contains a flaw in core/loader/FrameLoader.cpp that is triggered when handling frame navigations during DocumentLoader detach. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1711)
Google Chrome contains a use-after-free error in the previousLinePosition() function in core/editing/VisibleUnits.cpp. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5127)
Google V8 contains an unspecified flaw which may allow a context-dependent attacker to bypass the same-origin policy. No further details have been provided by the vendor. (CVE-2016-5128)
Google V8 contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and cause a denial of service in a process linked against the library or potentially execute arbitrary code. (CVE-2016-5129)
Google Chrome contains a flaw in the HistoryController::UpdateForCommit() function in content/renderer/history_controller.cc. The issue is triggered when handling two forward navigations that compete in different frames. This may allow a context-dependent attacker to perform URL spoofing attacks. (CVE-2016-5130)
Libxml2 contains a use-after-free error in the xmlXPtrRangeToFunction() function in xpointer.c. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5131)
Google Chrome contains a flaw related to Service Workers that is triggered when handling subframes of an insecure context. This may allow a context-dependent attacker to perform a limited bypass of the same-origin policy. (CVE-2016-5132)
Google Chrome contains a flaw related to proxy authentication that is triggered when handling origins. This may allow a context-dependent attacker to spoof the proxy server origin. (CVE-2016-5133)
Google Chrome contains a flaw that is triggered as https:// URLs are not properly sanitized before being sent to PAC scripts. This may allow a context-dependent attacker to leak URLs. (CVE-2016-5134)
Google Chrome contains a flaw in html/parser/HTMLPreloadScanner.cpp related to the handling of referrer policies. This may allow a context-dependent attacker to bypass the content security policy (CSP). (CVE-2016-5135)
Google Chrome contains a use-after-free error in extensions/renderer/user_script_injector.cc that is triggered when handling UserScript pointers. This may allow a malicious extension to dereference already freed memory and potentially execute arbitrary code with elevated privileges. (CVE-2016-5136)
Google Chrome contains a flaw in the CSPSource::portMatches() function in frame/csp/CSPSource.cpp related to HSTS and CSP when handling HTTP vs HTTPS ports in source expressions. This may allow a context-dependent attacker to disclose browsing history information. (CVE-2016-5137)
Google Chrome contains a flaw in the LayoutBox::removeFloatingOrPositionedChildFromBlockLists() function in core/layout/LayoutBox.cpp that is triggered when handling LayoutView floats. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)
Google Chrome contains a flaw in the Resource::canUseCacheValidator() function in core/fetch/Resource.cpp that is triggered when revalidating Resource with redirects. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)
Google Chrome contains a flaw in the Resource::willFollowRedirect() function in core/fetch/Resource.cpp that is triggered when handling redirect responses while revalidating resources. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)
Google Chrome contains a flaw in net/url_request/sdch_dictionary_fetcher.cc that is triggered when handling dictionary requests failing after receiving data. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)
Google Chrome contains a flaw in the ShapeResultSpacing::computeSpacing() function in platform/fonts/shaping/ShapeResultSpacing.cpp that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)
Google Chrome contains a flaw in the Channel::Message::Deserialize() function in mojo/edk/system/channel.cc that is triggered when handling header sizes in channel messages. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)
Google Chrome contains an unspecified flaw in the Font::individualCharacterRanges() function in platform/fonts/Font.cpp, which may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)
Google WebRTC contains an out-of-bounds read flaw in the WebRtcIsacfix_PitchFilter() and WebRtcIsacfix_PitchFilterGains() functions in modules/audio_coding/codecs/isac/fix/source/pitch_filter.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1705)
Google Chrome contains a flaw in org/chromium/chrome/browser/toolbar/CustomTabToolbarAnimationDelegate.java that is due to the program failing to properly load security icons on custom HTTP connection tabs. This may allow a context-dependent attacker to spoof valid icons. (CVE-2016-1705)
Google Skia contains an integer overflow condition in the SkLinearGradient::LinearGradientContext::shade4_dx_clamp() function in effects/gradients/SkLinearGradient.cpp. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)
libvpx contains an invalid read flaw in the setup_frame_size_with_refs() function in vp9/decoder/vp9_decodeframe.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
Google Chrome contains an unspecified flaw in extensions that is triggered during the handling of NativeMessaging IDs. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)
Google Chrome contains an out-of-bounds read flaw in the HTMLMenuItemElement::defaultEventHandler() function in core/html/HTMLMenuItemElement.cpp that may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2016-1705)
Google Chrome contains an unspecified flaw in the GURL::ReplaceComponents() function in url/gurl.cc that is triggered during inner URL creation. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (CVE-2016-1705)
Google V8 contains an unspecified flaw that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1705)
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137
googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
jvn.jp/vu/JVNVU90289707/index.html
lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
news.softpedia.com/news/chrome-52-released-with-support-for-css-containment-and-performance-measurement-506482.shtml
seclists.org/bugtraq/2016/Aug/7
www.google.com/chrome/
www.splunk.com/view/SP-CAAAPQM
www.ubuntu.com/usn/usn-3041-1/
bugs.chromium.org/p/chromium/issues/detail?id=590619
bugs.chromium.org/p/chromium/issues/detail?id=593759
bugs.chromium.org/p/chromium/issues/detail?id=599458
bugs.chromium.org/p/chromium/issues/detail?id=600953
bugs.chromium.org/p/chromium/issues/detail?id=605451
bugs.chromium.org/p/chromium/issues/detail?id=607543
bugs.chromium.org/p/chromium/issues/detail?id=609286
bugs.chromium.org/p/chromium/issues/detail?id=610600
bugs.chromium.org/p/chromium/issues/detail?id=612939
bugs.chromium.org/p/chromium/issues/detail?id=613626
bugs.chromium.org/p/chromium/issues/detail?id=613869
bugs.chromium.org/p/chromium/issues/detail?id=613949
bugs.chromium.org/p/chromium/issues/detail?id=613971
bugs.chromium.org/p/chromium/issues/detail?id=614701
bugs.chromium.org/p/chromium/issues/detail?id=614934
bugs.chromium.org/p/chromium/issues/detail?id=614989
bugs.chromium.org/p/chromium/issues/detail?id=615820
bugs.chromium.org/p/chromium/issues/detail?id=616907
bugs.chromium.org/p/chromium/issues/detail?id=617495
bugs.chromium.org/p/chromium/issues/detail?id=618237
bugs.chromium.org/p/chromium/issues/detail?id=619166
bugs.chromium.org/p/chromium/issues/detail?id=619382
bugs.chromium.org/p/chromium/issues/detail?id=620553
bugs.chromium.org/p/chromium/issues/detail?id=620737
bugs.chromium.org/p/chromium/issues/detail?id=620858
bugs.chromium.org/p/chromium/issues/detail?id=620952
bugs.chromium.org/p/chromium/issues/detail?id=621843
bugs.chromium.org/p/chromium/issues/detail?id=622183
bugs.chromium.org/p/chromium/issues/detail?id=622522
bugs.chromium.org/p/chromium/issues/detail?id=623319
bugs.chromium.org/p/chromium/issues/detail?id=623378
bugs.chromium.org/p/chromium/issues/detail?id=625393
bugs.chromium.org/p/chromium/issues/detail?id=625945
bugs.chromium.org/p/chromium/issues/detail?id=629852
bugzilla.gnome.org/show_bug.cgi?id=768428
bugzilla.gnome.org/show_bug.cgi?id=769160
chromium.googlesource.com/webm/libvpx
developers.google.com/v8/
github.com/sparklemotion/nokogiri/issues/1528
www.debian.org/security/2016/dsa-3637