Описание
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or obtain sensitive information.
Below is a complete list of vulnerabilities
- Multiple unknown vulnerabilities can be exploited remotely to cause denial of service or possibly have other unknown impacts;
- An improper interval count validation at Skia can be exploited remotely to cause denial of service via a specially designed serialized data;
- An improper autofill implementation can be exploited remotely via a specially designed web site to cause denial of service or possibly have another unknown impact;
- An improper extension views handling can be exploited remotely via vectors related to extensions to cause a denial of service or possibly have another unspecified impact;
- Lack of URL restrictions at Blink can be exploited remotely to cause denial of service via vectors related to extensions or possibly have another unknown impact;
- Lack of module types validation at extensions bindings can be exploited via custom types manipulations to bypass security restrictions or obtain sensitive information;
- Lack of frame navigation restrictions can be exploited remotely via a specially designed JavaScript code to bypass same origin policy;
- Lack of access restrictions can be exploited remotely to bypass same origin policy.
Technical details
Vulnerability (2) related to SkRegion::readFromMemory function from core/SkRegion.cpp. This function does not validate the interval count.
Vulnerability (3) caused by mishandling interaction between field updates and JavaScript code that triggers a frame deletion.
Vulnerability (4) related to extensions/renderer/runtime_custom_bindings.cc which does not consider side effects during creation of an array of extension views.
Vulnerability (5) related to WebKit/Source/devtools/front_end/devtools.js at the Developer Tools subsystem. Vulnerability caused by lack of check that remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL.
Vulnerability (6) related to createCustomType function in extensions/renderer/resources/binding.js which does not validate module types. As result of exploitation attacker can load arbitrary modules.
Vulnerability (7) related to FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp which does not prevent navigations during DocumentLoader detach operations.
Vulnerability (8) caused by lack of bindings access restrictions.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2016-1697 high
- CVE-2016-1696 high
- CVE-2016-1699 warning
- CVE-2016-1698 warning
- CVE-2016-1701 high
- CVE-2016-1700 high
- CVE-2016-1703 high
- CVE-2016-1702 warning
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com