OSV:DSA-3486-1
Feb 21, 2016 - 12:00 a.m.

chromium-browser - security update

2016-02-21 00:00:00
Google
osv.dev

CVSS3: 9.8 High

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

  AV:N/AC:L/Au:N/C:C/I:C/A:C

Several vulnerabilities have been discovered in the chromium web browser.

  • CVE-2016-1622
    It was discovered that a maliciously crafted extension could bypass
    the Same Origin Policy.
  • CVE-2016-1623
    Mariusz Mlynski discovered a way to bypass the Same Origin Policy.
  • CVE-2016-1624
    lukezli discovered a buffer overflow issue in the Brotli library.
  • CVE-2016-1625
    Jann Horn discovered a way to cause the Chrome Instant feature to
    navigate to unintended destinations.
  • CVE-2016-1626
    An out-of-bounds read issue was discovered in the openjpeg library.
  • CVE-2016-1627
    It was discovered that the Developer Tools did not validate URLs.
  • CVE-2016-1628
    An out-of-bounds read issue was discovered in the pdfium library.
  • CVE-2016-1629
    A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
    along with a way to escape the chromium sandbox.

For the stable distribution (jessie), these problems have been fixed in
version 48.0.2564.116-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 48.0.2564.116-1.

We recommend that you upgrade your chromium-browser packages.
