8403 matches found

RedHat Linux
added 2016/07/26 5:18 a.m. | 3 views

chromium-browser: same-origin bypass in blink

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

8.8 CVSS | 7.4 AI score | 0.01479 EPSS
Exploits: 1 | References: 5
Tenable Nessus
added 2016/07/26 12:0 a.m. | 39 views

RHEL 6 : chromium-browser (RHSA-2016:1485)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2016:1485 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 52.0.2743.82. Security Fixes:...

9.6 CVSS | 7.3 AI score | 0.02426 EPSS
Exploits: 1 | References: 37
Tenable Nessus
added 2016/07/26 12:0 a.m. | 35 views

openSUSE Security Update : Chromium (openSUSE-2016-901)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901 : - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

9.6 CVSS | 6.9 AI score | 0.02426 EPSS
Exploits: 2 | References: 19
Tenable Nessus
added 2016/07/26 12:0 a.m. | 26 views

openSUSE Security Update : Chromium (openSUSE-2016-900)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901 : - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

9.6 CVSS | 6.9 AI score | 0.02426 EPSS
Exploits: 2 | References: 19
Debian
added 2016/07/25 6:12 p.m. | 25 views

[SECURITY] [DLA 558-1] squid security update

Package : squid Version : 2.7.STABLE9-4.1+deb7u2 CVE ID : CVE-2016-4554 A security issue has been discovered in the Squid caching proxy, on its 2.7.STABLE9 version branch. CVE-2016-4554 Jianjun Chen found that Squid was vulnerable to a header smuggling attack that could lead to cache poisoning a...

8.6 CVSS | 7 AI score | 0.39152 EPSS
Exploits: 0
OPENSUSE Linux
added 2016/07/25 3:10 p.m. | 50 views

Security update for Chromium (important)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

9.3 CVSS | 1.2 AI score | 0.02426 EPSS
Exploits: 2 | References: 1
OPENSUSE Linux
added 2016/07/25 3:10 p.m. | 34 views

Security update for Chromium (important)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

9.3 CVSS | 1.2 AI score | 0.02426 EPSS
Exploits: 2 | References: 1
OPENSUSE Linux
added 2016/07/25 3:8 p.m. | 47 views

Security update for Chromium (important)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

9.3 CVSS | 1.2 AI score | 0.02426 EPSS
Exploits: 2 | References: 1
OSV
added 2016/07/25 9:41 a.m. | 9 views

OPENSUSE-SU-2016:1869-1 Security update for Chromium

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

9.6 CVSS | 7.5 AI score | 0.02426 EPSS
Exploits: 2 | References: 20
OSV
added 2016/07/25 9:41 a.m. | 5 views

OPENSUSE-SU-2016:1868-1 Security update for Chromium

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

9.6 CVSS | 7.5 AI score | 0.02426 EPSS
Exploits: 2 | References: 20
CNVD
added 2016/07/25 12:0 a.m. | 3 views

Fast Browser Vulnerability

KChrome, derived from Google's open source project Chromium and compatible with IE, is a browser with dual kernels of Webkit and IE. Thanks to the high performance of Webkit, you will be faster when browsing the web in normal times. A design vulnerability exists in Crypto Browser that allows...

6.8 AI score
Exploits: 0
Check Point Advisories
added 2016/07/25 12:0 a.m. | 1 views

Adobe Reader and Acrobat Security Bypass (APSB16-26 : CVE-2016-4215)

This vulnerability is an instance of same-origin policy violation. An attacker can exploit this vulnerability by enticing a user to open a maliciously crafted PDF file. Successful exploitation can trick embedded JavaScript code to run in the wrong context, potentially leading to a security bypass...

10 CVSS | 8.7 AI score | 0.05728 EPSS
Exploits: 0
CNVD
added 2016/07/25 12:0 a.m. | 1 views

Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2016-05520)

Blink is a browser layout (rendering) engine jointly developed by Google Inc. of the United States and Opera Software of Norway. A same-origin policy bypass vulnerability exists in the 'ChromeClientImpl::createWindow' method in the WebKit/Source/web/ChromeClientImpl.cpp fi...

8.8 CVSS | 8.9 AI score | 0.01296 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2016/07/25 12:0 a.m. | 37 views

FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)

Google Chrome Releases reports : 48 security fixes in this release, including : - 610600 High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab - 613949 High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan - 614934 High CVE-2016-1709:...

9.6 CVSS | 6.9 AI score | 0.02426 EPSS
Exploits: 1 | References: 19
OSV
added 2016/07/24 12:0 a.m. | 32 views

DLA-558-1 squid - security update

Bulletin has no description...

8.6 CVSS | 8.1 AI score | 0.39152 EPSS
Exploits: 0
OSV
added 2016/07/23 7:59 p.m. | 1 views

CVE-2016-5132

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...

8.8 CVSS | 7.3 AI score | 0.01445 EPSS
Exploits: 0 | References: 17
NVD
added 2016/07/23 7:59 p.m. | 15 views

CVE-2016-5132

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...

8.8 CVSS | 8.7 AI score | 0.01445 EPSS
Exploits: 0 | References: 17
OSV
added 2016/07/23 7:59 p.m. | 6 views

CVE-2016-5128

objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

8.8 CVSS | 8.8 AI score
Exploits: 0 | References: 17
NVD
added 2016/07/23 7:59 p.m. | 18 views

CVE-2016-5128

objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

8.8 CVSS | 8.5 AI score | 0.01268 EPSS
Exploits: 0 | References: 17
NVD
added 2016/07/23 7:59 p.m. | 8 views

CVE-2016-1711

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

8.8 CVSS | 8.5 AI score | 0.01479 EPSS
Exploits: 1 | References: 12