Arch LinuxASA-201604-10chromium: multiple issues
EPSS
Percentile
92.7%
- CVE-2016-1651:
Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working
with HP’s Zero Day Initiative.
- CVE-2016-1652:
Universal XSS in extension bindings. Credit to anonymous.
- CVE-2016-1653:
Out-of-bounds write in V8. Credit to Choongwoo Han.
- CVE-2016-1654:
Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
- CVE-2016-1655:
Use-after-free related to extensions. Credit to Rob Wu.
- CVE-2016-1657:
Address bar spoofing. Credit to Luan Herrera.
- CVE-2016-1658:
Potential leak of sensitive information to malicious extensions. Credit
to Antonio Sanso (@asanso) of Adobe.
- CVE-2016-1659:
Various fixes from internal audits, fuzzing and other initiatives.
References
googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html
access.redhat.com/security/cve/CVE-2016-1651
access.redhat.com/security/cve/CVE-2016-1652
access.redhat.com/security/cve/CVE-2016-1653
access.redhat.com/security/cve/CVE-2016-1654
access.redhat.com/security/cve/CVE-2016-1655
access.redhat.com/security/cve/CVE-2016-1657
access.redhat.com/security/cve/CVE-2016-1658
access.redhat.com/security/cve/CVE-2016-1659
Related
