CVE-2016-1636

2016-03-0500:00:00

ubuntu.com

0.009 Low

EPSS

Percentile

82.7%

JSON

The PendingScript::notifyFinished function in
WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before
49.0.2623.75 relies on memory-cache information about integrity-check
occurrences instead of integrity-check successes, which allows remote
attackers to bypass the Subresource Integrity (aka SRI) protection
mechanism by triggering two loads of the same resource.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchchromium-browser< 49.0.2623.87-0ubuntu0.14.04.1.1112UNKNOWN
ubuntu15.10noarchchromium-browser< 49.0.2623.87-0ubuntu0.15.10.1.1222UNKNOWN
ubuntu14.04noarchoxide-qt< 1.13.6-0ubuntu0.14.04.1UNKNOWN
ubuntu15.10noarchoxide-qt< 1.13.6-0ubuntu0.15.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	chromium-browser	< 49.0.2623.87-0ubuntu0.14.04.1.1112	UNKNOWN
ubuntu	15.10	noarch	chromium-browser	< 49.0.2623.87-0ubuntu0.15.10.1.1222	UNKNOWN
ubuntu	14.04	noarch	oxide-qt	< 1.13.6-0ubuntu0.14.04.1	UNKNOWN
ubuntu	15.10	noarch	oxide-qt	< 1.13.6-0ubuntu0.15.10.1	UNKNOWN