Google Chrome < 51.0.2704.79 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 51.0.2704.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 201606stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers...

Google Chrome < 51.0.2704.79 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 51.0.2704.79. It is, therefore, affected by multiple vulnerabilities as referenced in the 201606stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers t...

chromium-browser: parameter sanitization failure in devtools

WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...

Google Patches Two High-Severity Flaws in Chrome

Google on Wednesday updated the Chrome browser for the third time since the start of May. Chrome 51.0.2704.79 for Windows, Mac, and Linux patched 15 vulnerabilities. It also paid out $14,000 in bounties to prolific bug hunters Mariusz Mlynski $7,500 and Rob Wu $6,500. The previous Chrome update o...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 15 security fixes in this release, including: 601073 High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. 613266 High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 603725 Medium CVE-2016-1698: Information lea...

chromium-browser: various fixes from internal audits

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

Google Chrome DevTools Subsystem Access Restriction Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in Google Chrome prior to version 48.0.2564.109 due to the DevTools subsystem failing to validate the URL scheme and ensure that the remoteBase parameter is associated with the...

CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

UBUNTU-CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

CVE-2016-1627

CVE-2016-1627 affects Google Chrome DevTools before 48.0.2564.109. The vulnerability arises because DevTools does not validate URL schemes and does not ensure that the remoteBase parameter is tied to chrome-devtools-frontend.appspot.com, enabling a remote attacker to bypass access restrictions. A...

CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

Solving rendering performance puzzles

You're missing demos in this post because JavaScript or inline SVG isn't available. The Chrome team are often asked to show the process of debugging a performance issue, including how to select tools and interpret results. Well, I was recently hit by an issue that required a bit of digging, here'...

Stable Channel Update

The Stable channel has been updated to 21.0.1180.89 for Linux, Mac, Windows and Chrome Frame This build fixes the following issues: Several Pepper Flash fixes Issue 140577, 144107, 140498, 142479. Microphone issues with tinychat.com Issue: 143192 devtools regression with "save as" of edited sourc...

Papoo 1.0.3 - Plugin.php Authentication Bypass

Papoo 1.0.3 - Plugin.php Authentication Bypass source: https://www.securityfocus.com/bid/24634/info Papoo is prone to an authentication-bypass vulnerability because the application fails to check user privileges when accessing the administration pages. An attacker can exploit this issue to gain...