Описание
Security update for Chromium
Chromium was updated to 49.0.2623.110 to fix the following security issues:
- CVE-2016-1646: Out-of-bounds read in V8
- CVE-2016-1647: Use-after-free in Navigation
- CVE-2016-1648: Use-after-free in Extensions
- CVE-2016-1649: Buffer overflow in libANGLE
- CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives
- CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33)
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0930-1
- SUSE Security Ratings
Описание
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
Затронутые продукты
Ссылки
- CVE-2016-1646
- SUSE Bug 972834
- SUSE Bug 973166
Описание
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-1647
- SUSE Bug 972834
- SUSE Bug 973166
Описание
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.
Затронутые продукты
Ссылки
- CVE-2016-1648
- SUSE Bug 972834
- SUSE Bug 973166
Описание
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
Затронутые продукты
Ссылки
- CVE-2016-1649
- SUSE Bug 972834
- SUSE Bug 973166
Описание
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
Затронутые продукты
Ссылки
- CVE-2016-1650
- SUSE Bug 972834
- SUSE Bug 973166
Описание
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-3679
- SUSE Bug 972834
- SUSE Bug 973166