Дата обнаружения
|
01/06/2016 |
Уровень угрозы
|
High |
Описание
|
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities
Technical details Vulnerability (2) related to SkRegion::readFromMemory function from core/SkRegion.cpp. This function does not validate the interval count. Vulnerability (3) caused by mishandling interaction between field updates and JavaScript code that triggers a frame deletion. Vulnerability (4) related to extensions/renderer/runtime_custom_bindings.cc which does not consider side effects during creation of an array of extension views. Vulnerability (5) related to WebKit/Source/devtools/front_end/devtools.js at the Developer Tools subsystem. Vulnerability caused by lack of check that remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL. Vulnerability (6) related to createCustomType function in extensions/renderer/resources/binding.js which does not validate module types. As result of exploitation attacker can load arbitrary modules. Vulnerability (7) related to FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp which does not prevent navigations during DocumentLoader detach operations. Vulnerability (8) caused by lack of bindings access restrictions. |
Пораженные продукты
|
Google Chrome versions earlier than 51.0.2704.79 (All branches) |
Решение
|
Update to the latest version. |
Первичный источник обнаружения
|
Google Chrome releases blog entry |
Оказываемое влияние
?
|
OSI
[?]
DoS
[?]
SB
[?]
|
Связанные продукты
|
Google Chrome |
CVE-IDS
|
CVE-2016-16976.8High
CVE-2016-16966.8High CVE-2016-16994.3Warning CVE-2016-16984.3Warning CVE-2016-17016.8High CVE-2016-17005.1High CVE-2016-17036.8High CVE-2016-17024.3Warning |
Узнай статистику распространения уязвимостей в твоем регионе |