openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1918-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : Chromium (openSUSE-2016-919)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901 : - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

chromium-browser: history sniffing with hsts and csp

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy CSP implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs,...

openSUSE Security Update : Chromium (openSUSE-2016-901)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901 : - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

RHEL 6 : chromium-browser (RHSA-2016:1485)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2016:1485 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 52.0.2743.82. Security Fixes:...

openSUSE Security Update : Chromium (openSUSE-2016-900)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901 : - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

Security update for Chromium (important)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

Security update for Chromium (important)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)

Google Chrome Releases reports : 48 security fixes in this release, including : - 610600 High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab - 613949 High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan - 614934 High CVE-2016-1709:...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 48 security fixes in this release, including: 610600 High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab 613949 High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan 614934 High CVE-2016-1709:...

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 52 to the stable channel for Windows, Mac and Linux. Chrome 52.0.2743.82 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...

openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:0250-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

FreeBSD : chromium -- multiple vulnerabilities (371bbea9-3836-4832-9e70-e8e928727f8c)

Google Chrome Releases reports : This update includes 37 security fixes, including : - 497632 High CVE-2016-1612: Bad cast in V8. - 572871 High CVE-2016-1613: Use-after-free in PDFium. - 544691 Medium CVE-2016-1614: Information leak in Blink. - 468179 Medium CVE-2016-1615: Origin confusion in...

Google Chrome < 48.0.2564.82 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 48.0.2564.82. It is, therefore, affected by multiple vulnerabilities as referenced in the 201601stable-channel-update20 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attacke...

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 48 to the stable channel for Windows, Mac and Linux. Chrome 48.0.2564.82 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: This update includes 37 security fixes, including: 497632 High CVE-2016-1612: Bad cast in V8. 572871 High CVE-2016-1613: Use-after-free in PDFium. 544691 Medium CVE-2016-1614: Information leak in Blink. 468179 Medium CVE-2016-1615: Origin confusion in Omnibox. 5414...

FTC Settles With Ad Network Over Browser History Sniffing

The FTC has reached a settlement with Epic Marketplace, a large online ad network, related to what the FTC says is the company’s practice of sniffing users’ browser history for the purpose of serving them targeted ads related to a variety of sensitive topics. The settlement bars Epic from...

History Sniffing Case Dismissed Because Defendant Fails to Quantify Losses

A federal court in New York has dismissed a case in which the plaintiff claimed that a third-party advertiser had violated the Computer Fraud and Abuse Act CFAA by sniffing her browser history and using flash cookies, ruling that the plaintiff didn’t prove that the actions were harmful enough...

Microsoft Drops Use of 'Supercookies' on MSN

In response to work by Stanford University researchers who found that Microsoft and several other high-profile companies were using a controversial technique to keep persistent cookies on users’ PCs to track their movements, Microsoft says it has discontinued the practice of using so-called...

Researchers Find Browser History-Sniffing Still Ongoing

The practice of history sniffing, which has been seen as out-of-bounds and a serious privacy violation for the better part of a decade now, is still ongoing by some ad networks, researchers have found. A study completed recently by researchers at Stanford University’s Center for Internet and...