Дата обнаружения
|
02/03/2016 |
Уровень угрозы
|
Critical |
Описание
|
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions and obtain sensitive information. Below is a complete list of vulnerabilities
Technical details Vulnerability (1) caused by CSP implementation which does not ignore URL’s path during ServiceWorker fetch. Success exploitation of this vulnerability can lead to disclosure of information about visited web pages by reading CSP violation reports. This vulnerability related to FrameFetchContext.cpp and ResourceFetcher.cpp Vulnerability (2) caused by lack of detection whether anonymous block wrapper exists or not. This vulnerability related to WebKit/Source/core/layout/LayoutBlock.cpp Vulnerability (5) can be exploited via an image download after a certain data structure is deleted. This vulnerability related to content/browser/web_contents/web_contents_impl.cc Vulnerability (6) caused by Web Store inline installer implementation in Extensions UI which does not block installations upon deletion of an installation frame. Exploitation of this vulnerability can lead lead user to believing that installation request originated by next navigation target. Vulnerability (7) related to browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc and can be exploited via leveraging incorrect reliance on the resource context pointer. Vulnerability (8) related to extensions/renderer/resources/platform_app.js Vulnerability (9) caused by mishandling of asctangent calculations and related to SkATan2_255 function in effects/gradients/SkSweepGradient.cpp Vulnerability (10) caused by checking memory-cache information about integrity-check occurrences instead of integrity-check successes, and can be can be exploited via two loads of the same resource. Successful exploitation of this vulnerability can lead to bypass of Subresource Integrity protection. This vulnerability related to PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp Vulnerability (11) caused by improper considering objects lifetimes and re-entrancy during OnDocumentElementCreated handling. This vulnerability related to extensions/renderer/render_frame_observer_natives.cc Vulnerability (12) related to StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp and can be exploited via triggering Cascade Style Sheets invalidation during certain subtree-removal action. Vulnerability (13) can be exploited by JavaScript code which triggers an incorrect cast. This vulnerability related to extensions/renderer/v8_helpers.h and gin/converter.h Vulnerability (14) caused by mishandle of nested message loops and related to PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc. Exploitation of this vulnerability can lead to Same Origin Policy Bypass. Vulnerability (15) caused by mishandle of widget updates and caused by ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp. Exploitation of this vulnerability can lead to Same Origin Bypass. |
Пораженные продукты
|
Google Chrome versions earlier than 49.0.2623.75 (All branches) |
Решение
|
Update to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. |
Первичный источник обнаружения
|
Google Chrome releases blog |
Оказываемое влияние
?
|
OSI
[?]
DoS
[?]
SB
[?]
|
Связанные продукты
|
Google Chrome |
CVE-IDS
|
CVE-2016-16326.8High
CVE-2016-16386.8High CVE-2016-16404.3Warning CVE-2016-16419.3Critical CVE-2016-16349.3Critical CVE-2016-16367.5Critical CVE-2016-16374.3Warning CVE-2016-16316.8High CVE-2016-16306.8High CVE-2016-28449.3Critical CVE-2016-28455.0Critical |
Узнай статистику распространения уязвимостей в твоем регионе |