GoogleOSV:DSA-3549-1chromium-browser - security update
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2016-1651
An out-of-bounds read issue was discovered in the pdfium library. - CVE-2016-1652
A cross-site scripting issue was discovered in extension bindings. - CVE-2016-1653
Choongwoo Han discovered an out-of-bounds write issue in the v8
javascript library. - CVE-2016-1654
Atte Kettunen discovered an uninitialized memory read condition. - CVE-2016-1655
Rob Wu discovered a use-after-free issue related to extensions. - CVE-2016-1657
Luan Herrera discovered a way to spoof URLs. - CVE-2016-1658
Antonio Sanso discovered an information leak related to extensions. - CVE-2016-1659
The chrome development team found and fixed various issues during
internal auditing.
For the stable distribution (jessie), these problems have been fixed in
version 50.0.2661.75-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 50.0.2661.75-1.
We recommend that you upgrade your chromium-browser packages.
References
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C