CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.7%
Google Chrome Releases reports:
20 security fixes in this release, including:
[590275] High CVE-2016-1652: Universal XSS in extension
bindings. Credit to anonymous.
[589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit
to Choongwoo Han.
[591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium
JPEG2000 decoding. Credit to kdot working with HP’s Zero Day
Initiative.
[589512] Medium CVE-2016-1654: Uninitialized memory read in
media. Credit to Atte Kettunen of OUSPG.
[582008] Medium CVE-2016-1655: Use-after-free related to
extensions. Credit to Rob Wu.
[570750] Medium CVE-2016-1656: Android downloaded file path
restriction bypass. Credit to Dzmitry Lukyanenko.
[567445] Medium CVE-2016-1657: Address bar spoofing. Credit to
Luan Herrera.
[573317] Low CVE-2016-1658: Potential leak of sensitive
information to malicious extensions. Credit to Antonio Sanso
(@asanso) of Adobe.
[602697] CVE-2016-1659: Various fixes from internal audits,
fuzzing and other initiatives.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.7%