4 matches found
Chrome Universal XSS via the interception of |Binding| with Object.prototype.create (CVE-2016-1674)
VULNERABILITY DETAILS The fix for the issue 590118 is insufficient to protect against the bindings interception. While they can't be accessed by triggering accessors on the |modules| object anymore, it's still possible to trap the set operation for |Binding. create| using the Object. prototype...
Google Chrome Program::getUniformInternal Denial of Service Vulnerability
Google Chrome is a web browsing tool developed by Google. In versions of Google Chrome prior to 49.0.2623.108, libANGLE/Program.cpp/Program::getUniformInternal does not properly handle certain data type mismatches, which can be exploited by remote attackers to cause a denial of service...
Google Fixes Four Critical Vulnerabilities in Latest Chrome Build
Google pushed out the latest version of Chrome Thursday afternoon, fixing five issues, four of them critical. The update remedies an out-of-bounds read in Chrome’s open source JavaScript engine V8, two use-after-free vulnerabilities – one in Navigation and one in Extensions – and a buffer overflo...
Stable Channel Update
The stable channel has been updated to 49.0.2623.108 for Windows, Mac, and Linux. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library...