Описание
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.
Below is a complete list of vulnerabilities
- Multiple unknown vulnerabilities at V8 can be exploited to cause denial of service or conduct other unknown impact;
- An unknown vulnerability can be exploited via vectors related to creating MHTML document to cause denial of service or conduct other unknown impact;
- An improper data-type mismatch handling at libANGLE can be exploited remotely via a specially designed specially designed shared stages to cause denial of service or conduct other unknown impact;
- Use-after-free vulnerability at Extensions cam be exploited remotely via a specially designed JavaScript code to cause denial of service or conduct other unknown impact;
- Use-after-free vulnerability at Navigation can be exploited remotely to cause denial of service or conduct other unknown impact;
- An improper elements handling at V8 can be exploited remotely via a specially designed JavaScript code to cause denial of service or conduct other unknown impact.
Technical details
Vulnerability (2) related to PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc and can be exploited via triggering error while MHTML document creation.
Vulnerability (3) related to Program::getUniformInternal function in Program.cpp.
Vulnerability (4) related to GetLoadTimes function in renderer/loadtimes_extension_bindings.cc.
Vulnerability (5) related to RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc.
Vulnerability (6) related to Array.prototype.concat implementation in builtins.cc which does not properly consider element data types.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2016-1648 critical
- CVE-2016-1649 critical
- CVE-2016-3679 critical
- CVE-2016-1650 critical
- CVE-2016-1646 critical
- CVE-2016-1647 critical
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com