Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)

VULNERABILITY DETAILS When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTreeconst AttachContext& context HTMLTextFormControlElement::detachLayoutTreecontext; mneedsToUpdateViewValue = true; minputTypeView-closePopupView; If the...

CVE-2016-5208

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2016-5208

CVE-2016-5208 is a UXSS cross-site scripting flaw in Blink for Google Chrome prior to 55.0.2883.75 on Linux/Windows and 55.0.2883.84 on Android, allowing remote script/HTML injection via crafted HTML during synchronous event handling. Desktop remediation: upgrade to Chrome 55.0.2883.75+ (and Chro...

Fedora 25 : chromium (2016-a815b7bf5d)

Update to Chromium 55. Security fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207, CVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209, CVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211, CVE-2016-5213, CVE-2016-5214,...

Fedora 24 : chromium (2016-e0e1cb2b2b)

Update to Chromium 55. Security fix for CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, CVE-2016-9651, CVE-2016-5208, CVE-2016-5207, CVE-2016-5206, CVE-2016-5205, CVE-2016-5204, CVE-2016-5209, CVE-2016-5203, CVE-2016-5210, CVE-2016-5212, CVE-2016-5211, CVE-2016-5213, CVE-2016-5214,...

openSUSE Security Update : Chromium (openSUSE-2016-1453)

This update to Chromium 55.0.2883.75 fixes the following vulnerabilities : - CVE-2016-9651: Private property access in V8 - CVE-2016-5208: Universal XSS in Blink - CVE-2016-5207: Universal XSS in Blink - CVE-2016-5206: Same-origin bypass in PDFium - CVE-2016-5205: Universal XSS in Blink -...