Google Chrome < 51.0.2704.79 Multiple Vulnerabilities

Binary data 9373.pasl...

FreeBSD : chromium -- multiple vulnerabilities (c039a761-2c29-11e6-8912-3065ec8fd3ec)

Google Chrome Releases reports : 15 security fixes in this release, including : - 601073 High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. - 613266 High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - 603725 Medium CVE-2016-1698:...

openSUSE Security Update : Chromium (openSUSE-2016-1489)

Chromium was updated to 51.0.2704.79 to fix a number of security issues. boo982719 - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in...

openSUSE Security Update : Chromium (openSUSE-2016-682)

Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities : - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools ...

Google Chrome Access Restriction Bypass Vulnerability (CNVD-2016-03836)

Google Chrome is a web browsing tool developed by Google. In versions of Google Chrome prior to 51.0.2704.79, Blink/DevTools/WebKit/Source/devtools/frontend/devtools.js does not ensure that the remoteFrontendUrl parameter is associated with the chrome-devtools- frontend.appspot.com URL associatio...

UBUNTU-CVE-2016-1699

WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...

CVE-2016-1699

WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...

Design/Logic Flaw

WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...

CVE-2016-1699

CVE-2016-1699 affects WebKit/Blink DevTools front_end/devtools.js in Google Chrome prior to 51.0.2704.79. The vulnerability is a parameter sanitization failure in DevTools that could allow a remote attacker to bypass access restrictions by using a crafted URL (remoteFrontendUrl not properly valid...

Gratipay: upgrade Aspen on inside.gratipay.com to pick up CR injection fix

1 Using IE11, open DevTools and start network capture 2 visit the following URL: http://inside.gratipay.com/assets/%0dSet-Cookie:%20qwe=qwe%0dq 3 find a 'qwe' cookie set in the response There is a 0x0d character injected, which can be used as a header delimiter in IE. To see this behaviour using...

Google Chrome < 51.0.2704.79 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 51.0.2704.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 201606stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers...

Google Chrome < 51.0.2704.79 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 51.0.2704.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 201606stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers t...

chromium-browser: parameter sanitization failure in devtools

WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...

Google Patches Two High-Severity Flaws in Chrome

Google on Wednesday updated the Chrome browser for the third time since the start of May. Chrome 51.0.2704.79 for Windows, Mac, and Linux patched 15 vulnerabilities. It also paid out $14,000 in bounties to prolific bug hunters Mariusz Mlynski $7,500 and Rob Wu $6,500. The previous Chrome update o...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 15 security fixes in this release, including: 601073 High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. 613266 High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 603725 Medium CVE-2016-1698: Information lea...

chromium-browser: various fixes from internal audits

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

Google Chrome DevTools Subsystem Access Restriction Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in Google Chrome prior to version 48.0.2564.109 due to the DevTools subsystem failing to validate the URL scheme and ensure that the remoteBase parameter is associated with the...

CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

UBUNTU-CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...