chromium-browser: various fixes from internal audits

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

Google Chrome DevTools Subsystem Access Restriction Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in Google Chrome prior to version 48.0.2564.109 due to the DevTools subsystem failing to validate the URL scheme and ensure that the remoteBase parameter is associated with the...

CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

UBUNTU-CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

CVE-2016-1627

CVE-2016-1627 affects Google Chrome DevTools before 48.0.2564.109. The vulnerability arises because DevTools does not validate URL schemes and does not ensure that the remoteBase parameter is tied to chrome-devtools-frontend.appspot.com, enabling a remote attacker to bypass access restrictions. A...

CVE-2016-1627

The Developer Tools aka DevTools subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted...

Solving rendering performance puzzles

You're missing demos in this post because JavaScript or inline SVG isn't available. The Chrome team are often asked to show the process of debugging a performance issue, including how to select tools and interpret results. Well, I was recently hit by an issue that required a bit of digging, here'...

Stable Channel Update

The Stable channel has been updated to 21.0.1180.89 for Linux, Mac, Windows and Chrome Frame This build fixes the following issues: Several Pepper Flash fixes Issue 140577, 144107, 140498, 142479. Microphone issues with tinychat.com Issue: 143192 devtools regression with "save as" of edited sourc...

Papoo 1.0.3 - Plugin.php Authentication Bypass

Papoo 1.0.3 - Plugin.php Authentication Bypass source: https://www.securityfocus.com/bid/24634/info Papoo is prone to an authentication-bypass vulnerability because the application fails to check user privileges when accessing the administration pages. An attacker can exploit this issue to gain...