Описание
Security update for Chromium
Chromium was updated to 50.0.2661.94 to fix a number of vulnerabilities (boo#977830):
- CVE-2016-1660: Out-of-bounds write in Blink
- CVE-2016-1661: Memory corruption in cross-process frames
- CVE-2016-1662: Use-after-free in extensions
- CVE-2016-1663: Use-after-free in Blink’s V8 bindings
- CVE-2016-1664: Address bar spoofing
- CVE-2016-1665: Information leak in V8
- CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1208-1
- SUSE Security Ratings
Описание
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2016-1660
- SUSE Bug 977830
Описание
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
Затронутые продукты
Ссылки
- CVE-2016-1661
- SUSE Bug 977830
Описание
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-1662
- SUSE Bug 977830
Описание
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2016-1663
- SUSE Bug 977830
Описание
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2016-1664
- SUSE Bug 977830
Описание
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.
Затронутые продукты
Ссылки
- CVE-2016-1665
- SUSE Bug 977830
Описание
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-1666
- SUSE Bug 977830