Google Chrome < 53.0.2785.92 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 53.0.2785.92. It is, therefore, affected by multiple vulnerabilities as referenced in the 201608stable-channel-update-for-desktop31 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 o...

Google Chrome < 53.0.2785.92 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 53.0.2785.92. It is, therefore, affected by multiple vulnerabilities as referenced in the 201608stable-channel-update-for-desktop31 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on...

EUVD-2016-2771

Malware in sbrugna...

SUSE CVE-2016-1648

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimesextensionbindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code...

SUSE CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

SUSE CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

Updated chromium-browser-stable packages fix security vulnerability

Blink, as used in Chromium before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS UXSS." CVE-2016-5147 Cross-site scripting XSS...

chromium-browser: script injection in extensions

The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...

FreeBSD : chromium -- multiple vulnerabilities (c039a761-2c29-11e6-8912-3065ec8fd3ec)

Google Chrome Releases reports : 15 security fixes in this release, including : - 601073 High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. - 613266 High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - 603725 Medium CVE-2016-1698:...

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

UBUNTU-CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

UBUNTU-CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

Design/Logic Flaw

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

CVE-2016-1676

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

UBUNTU-CVE-2016-1672

The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...

CVE-2016-1698

Removed by vendor...

CVE-2016-1698

In CVE-2016-1698, Google Chrome’s extensions/renderer/resources/binding.js createCustomType did not validate module types, causing an information disclosure via a poisoned definition. Affected is Chrome before 51.0.2704.79; the issue could allow loading arbitrary modules or exposing sensitive dat...

chromium-browser: information leak in extension bindings

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...