Description
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or cause denial of service.
Below is a complete list of vulnerabilities:
- Improper character handling can be exploited remotely via a specially crafted URL to obtain sensitive information (Android);
- A race condition can be exploited remotely via renderer process manipulation to bypass security restrictions;
- Improper memory allocation in V8 can be exploited remotely via specially crafted JavaScript to cause denial of service;
- Improper creation context usage can be exploited remotely via a specially crafted web site to bypass security restrictions;
- A lack of script execution restrictions in Blink can be exploited remotely via a specially crafted web site to bypass security restrictions.
Technical details
Vulnerability (1) is related to net/base/escape.cc and net/base/filename_util.cc, which mishandle slash and backslash characters. This vulnerability can be exploited via a directory traversal attack.
Vulnerability (2) is related to the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc and can allow an attacker to conduct arbitrary HTTP requests. This vulnerability can be exploited by gaining access to a renderer process and reusing a request ID.
Vulnerability (3) is related to the Zone::New function in zone.cc, which does not properly determine when to expand certain memory allocations.
Vulnerability (4) is related to the forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h and can be exploited to bypass the Same Origin Policy.
Vulnerability (5) is related to the TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation, which does not prevent script execution during node-adoption operations. This vulnerability can be exploited to bypass the Same Origin Policy.
Original advisories
CVE list
- CVE-2016-1668 critical
- CVE-2016-1667 critical
- CVE-2016-1670 critical
- CVE-2016-1669 critical
- CVE-2016-1671 critical