Google Chrome < 53.0.2785.92 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 53.0.2785.92. It is, therefore, affected by multiple vulnerabilities as referenced in the 201608stable-channel-update-for-desktop31 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 o...

Google Chrome < 53.0.2785.92 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 53.0.2785.92. It is, therefore, affected by multiple vulnerabilities as referenced in the 201608stable-channel-update-for-desktop31 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on...

EUVD-2016-2771

Malware in sbrugna...

SUSE CVE-2016-1648

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimesextensionbindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code...

SUSE CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

SUSE CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

Updated chromium-browser-stable packages fix security vulnerability

Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS UXSS." CVE-2016-5147 Cross-site scripting XSS...

chromium-browser: script injection in extensions

The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...

FreeBSD : chromium -- multiple vulnerabilities (c039a761-2c29-11e6-8912-3065ec8fd3ec)

Google Chrome Releases reports : 15 security fixes in this release, including : - 601073 High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. - 613266 High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - 603725 Medium CVE-2016-1698:...

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

UBUNTU-CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

Design/Logic Flaw

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

UBUNTU-CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

UBUNTU-CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

CVE-2016-1698

In CVE-2016-1698, Google Chrome’s extensions/renderer/resources/binding.js createCustomType did not validate module types, causing an information disclosure via a poisoned definition. Affected is Chrome before 51.0.2704.79; the issue could allow loading arbitrary modules or exposing sensitive dat...

CVE-2016-1698

Removed by vendor...

chromium-browser: cross-origin bypass in extension bindings

The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...