Description
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or possibly execute arbitrary code.
Below is a complete list of vulnerabilities
- An improper user agent shadow DOM implementation at Blink can be exploited to cause denial of service or conduct another impact;
- Lack of relayout scheduling restrictions at Blink can be exploited remotely via a specially designed HTML to cause denial of service or conduct another impact;
- Multiple integer signedness errors at PDFium can be exploited remotely to cause denial of service or conduct another impact via a specially designed JPEG2000 data.
Technical details
Vulnerability (1) related to ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp. This vulnerability can be exploited via vectors related to type confusion.
Vulnerability (2) related to WebKit/Source/core/layout/LayoutObject.cpp
Vulnerability (3) related to opj_j2k_update_image_data function at j2k.c in OpenJPEG.
Original advisories
Related products
CVE list
- CVE-2016-1644 critical
- CVE-2016-1643 critical
- CVE-2016-1645 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com