Описание
Security update for Chromium
Chromium was updated to 50.0.2661.102 to fix four vulnerabilities (boo#979859):
- CVE-2016-1667: Same origin bypass in DOM
- CVE-2016-1668: Same origin bypass in Blink V8 bindings
- CVE-2016-1669: Buffer overflow in V8
- CVE-2016-1670: Race condition in loader
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1304-1
- SUSE Security Ratings
Описание
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2016-1667
- SUSE Bug 979859
Описание
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2016-1668
- SUSE Bug 979859
Описание
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Затронутые продукты
Ссылки
- CVE-2016-1669
- SUSE Bug 979859
- SUSE Bug 987919
Описание
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.
Затронутые продукты
Ссылки
- CVE-2016-1670
- SUSE Bug 979859