chromium: Multiple vulnerabilities (CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE… CVE-2016-1694, CVE-2016-1695)
CVE-2016-1667: Same origin bypass in DOM.
CVE-2016-1668: Same origin bypass in Blink V8 bindings.
CVE-2016-1669: Buffer overflow in V8.
CVE-2016-1670: Race condition in loader.
CVE-2016-1671: Directory traversal using the file scheme on Android.
Fixed In Version: 50.0.2661.102
References:
http://googlechromereleases.blogspot.no/2016/05/stable-channel-update.html
CVE-2016-1672: Cross-origin bypass in extension bindings.
CVE-2016-1673: Cross-origin bypass in Blink.
CVE-2016-1674: Cross-origin bypass in extensions.
CVE-2016-1675: Cross-origin bypass in Blink.
CVE-2016-1676: Cross-origin bypass in extension bindings.
CVE-2016-1677: Type confusion in V8.
CVE-2016-1678: Heap overflow in V8.
CVE-2016-1679: Heap use-after-free in V8 bindings.
CVE-2016-1680: Heap use-after-free in Skia.
CVE-2016-1681: Heap overflow in PDFium.
CVE-2016-1682: CSP bypass for ServiceWorker.
CVE-2016-1683: Out-of-bounds access in libxslt.
CVE-2016-1684: Integer overflow in libxslt.
CVE-2016-1685: Out-of-bounds read in PDFium.
CVE-2016-1686: Out-of-bounds read in PDFium.
CVE-2016-1687: Information leak in extensions.
CVE-2016-1688: Out-of-bounds read in V8.
CVE-2016-1689: Heap buffer overflow in media.
CVE-2016-1690: Heap use-after-free in Autofill.
CVE-2016-1691: Heap buffer-overflow in Skia.
CVE-2016-1692: Limited cross-origin bypass in ServiceWorker.
CVE-2016-1693: HTTP Download of Software Removal Tool.
CVE-2016-1694: HPKP pins removed on cache clearance.
CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives.
Fixed In Version: Chrome 51.0.2704.63
References:
http://googlechromereleases.blogspot.no/2016/05/stable-channel-update\_25.html
(from redmine: issue id 5685, created on 2016-06-06, closed on 2016-12-15)
- Relations:
- child #5686 (closed)
- child #5687 (closed)