
Chrome < 52.0.2743.82 Multiple Vulnerabilities

High

Synopsis

The specific version of Chrome that the system is running is reportedly affected by multiple vulnerabilities.

Description

The specific version of Chrome that the system is running is reportedly affected by the following vulnerabilities:

- Google Chrome contains a flaw in PPAPI that is triggered when handling certain messages not sent by the browser in the plugin broker process. This may allow a context-dependent attacker to bypass the sandbox. (CVE-2016-1706)

- Google Chrome for iOS contains a flaw in web/web_state/ui/crw_web_controller.mm that is triggered when handling invalid URLs. This may allow a context-dependent attacker to conduct URL spoofing attacks. (CVE-2016-1707)

- Google Chrome contains a use-after-free error related to extensions that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1708)

- Google sfntly contains an array indexing error in the ByteArray::Get() function in data/byte_array.cc that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (CVE-2016-1709)

- Google Chrome contains a flaw in web/ChromeClientImpl.cpp that is triggered when handling creation of new windows by deferred frames. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1710)

- Google Chrome contains a flaw in core/loader/FrameLoader.cpp that is triggered when handling frame navigations during DocumentLoader detach. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1711)

- Google Chrome contains a use-after-free error in the previousLinePosition() function in core/editing/VisibleUnits.cpp. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5127)

- Google V8 contains an unspecified flaw which may allow a context-dependent attacker to bypass the same-origin policy. No further details have been provided by the vendor. (CVE-2016-5128)

- Google V8 contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and cause a denial of service in a process linked against the library or potentially execute arbitrary code. (CVE-2016-5129)

- Google Chrome contains a flaw in the HistoryController::UpdateForCommit() function in content/renderer/history_controller.cc. The issue is triggered when handling two forward navigations that compete in different frames. This may allow a context-dependent attacker to perform URL spoofing attacks. (CVE-2016-5130)

- Libxml2 contains a use-after-free error in the xmlXPtrRangeToFunction() function in xpointer.c. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5131)

- Google Chrome contains a flaw related to Service Workers that is triggered when handling subframes of an insecure context. This may allow a context-dependent attacker to perform a limited bypass of the same-origin policy. (CVE-2016-5132)

- Google Chrome contains a flaw related to proxy authentication that is triggered when handling origins. This may allow a context-dependent attacker to spoof the proxy server origin. (CVE-2016-5133)

- Google Chrome contains a flaw that is triggered as https:// URLs are not properly sanitized before being sent to PAC scripts. This may allow a context-dependent attacker to leak URLs. (CVE-2016-5134)

- Google Chrome contains a flaw in html/parser/HTMLPreloadScanner.cpp related to the handling of referrer policies. This may allow a context-dependent attacker to bypass the content security policy (CSP). (CVE-2016-5135)

- Google Chrome contains a use-after-free error in extensions/renderer/user_script_injector.cc that is triggered when handling UserScript pointers. This may allow a malicious extension to dereference already freed memory and potentially execute arbitrary code with elevated privileges. (CVE-2016-5136)

- Google Chrome contains a flaw in the CSPSource::portMatches() function in frame/csp/CSPSource.cpp related to HSTS and CSP when handling HTTP vs HTTPS ports in source expressions. This may allow a context-dependent attacker to disclose browsing history information. (CVE-2016-5137)

- Google Chrome contains a flaw in the LayoutBox::removeFloatingOrPositionedChildFromBlockLists() function in core/layout/LayoutBox.cpp that is triggered when handling LayoutView floats. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)

- Google Chrome contains a flaw in the Resource::canUseCacheValidator() function in core/fetch/Resource.cpp that is triggered when revalidating Resource with redirects. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google Chrome contains a flaw in the Resource::willFollowRedirect() function in core/fetch/Resource.cpp that is triggered when handling redirect responses while revalidating resources. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google Chrome contains a flaw in net/url_request/sdch_dictionary_fetcher.cc that is triggered when handling dictionary requests failing after receiving data. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google Chrome contains a flaw in the ShapeResultSpacing::computeSpacing() function in platform/fonts/shaping/ShapeResultSpacing.cpp that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)

- Google Chrome contains a flaw in the Channel::Message::Deserialize() function in mojo/edk/system/channel.cc that is triggered when handling header sizes in channel messages. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)

- Google Chrome contains an unspecified flaw in the Font::individualCharacterRanges() function in platform/fonts/Font.cpp, which may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google WebRTC contains an out-of-bounds read flaw in the WebRtcIsacfix_PitchFilter() and WebRtcIsacfix_PitchFilterGains() functions in modules/audio_coding/codecs/isac/fix/source/pitch_filter.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1705)

- Google Chrome contains a flaw in org/chromium/chrome/browser/toolbar/CustomTabToolbarAnimationDelegate.java that is due to the program failing to properly load security icons on custom HTTP connection tabs. This may allow a context-dependent attacker to spoof valid icons. (CVE-2016-1705)

- Google Skia contains an integer overflow condition in the SkLinearGradient::LinearGradientContext::shade4_dx_clamp() function in effects/gradients/SkLinearGradient.cpp. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- libvpx contains an invalid read flaw in the setup_frame_size_with_refs() function in vp9/decoder/vp9_decodeframe.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.

- Google Chrome contains an unspecified flaw in extensions that is triggered during the handling of NativeMessaging IDs. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)

- Google Chrome contains an out-of-bounds read flaw in the HTMLMenuItemElement::defaultEventHandler() function in core/html/HTMLMenuItemElement.cpp that may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2016-1705)

- Google Chrome contains an unspecified flaw in the GURL::ReplaceComponents() function in url/gurl.cc that is triggered during inner URL creation. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (CVE-2016-1705)

- Google V8 contains an unspecified flaw that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1705)

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.

See Also

http://www.google.com/chrome/
https://bugs.chromium.org/p/chromium/issues/detail?id=610600
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
https://www.debian.org/security/2016/dsa-3637
http://www.ubuntu.com/usn/usn-3041-1/
http://news.softpedia.com/news/chrome-52-released-with-support-for-css-containment-and-performance-measurement-506482.shtml
http://seclists.org/bugtraq/2016/Aug/7
https://bugs.chromium.org/p/chromium/issues/detail?id=622183
https://bugs.chromium.org/p/chromium/issues/detail?id=613949
https://bugs.chromium.org/p/chromium/issues/detail?id=614934
https://bugs.chromium.org/p/chromium/issues/detail?id=616907
https://bugs.chromium.org/p/chromium/issues/detail?id=617495
https://bugs.chromium.org/p/chromium/issues/detail?id=618237
https://developers.google.com/v8/
https://bugs.chromium.org/p/chromium/issues/detail?id=619166
https://bugs.chromium.org/p/chromium/issues/detail?id=620553
https://bugs.chromium.org/p/chromium/issues/detail?id=623319
https://bugs.chromium.org/p/chromium/issues/detail?id=623378
https://bugzilla.gnome.org/show_bug.cgi?id=769160
https://bugzilla.gnome.org/show_bug.cgi?id=768428
https://github.com/sparklemotion/nokogiri/issues/1528
http://www.splunk.com/view/SP-CAAAPQM
https://bugs.chromium.org/p/chromium/issues/detail?id=607543
https://bugs.chromium.org/p/chromium/issues/detail?id=613626
https://bugs.chromium.org/p/chromium/issues/detail?id=620737
https://bugs.chromium.org/p/chromium/issues/detail?id=593759
http://jvn.jp/vu/JVNVU90289707/index.html
https://bugs.chromium.org/p/chromium/issues/detail?id=605451
https://bugs.chromium.org/p/chromium/issues/detail?id=625393
https://bugs.chromium.org/p/chromium/issues/detail?id=625945
https://bugs.chromium.org/p/chromium/issues/detail?id=629852
https://bugs.chromium.org/p/chromium/issues/detail?id=613869
https://bugs.chromium.org/p/chromium/issues/detail?id=613971
https://bugs.chromium.org/p/chromium/issues/detail?id=614989
https://bugs.chromium.org/p/chromium/issues/detail?id=620858
https://bugs.chromium.org/p/chromium/issues/detail?id=621843
https://bugs.chromium.org/p/chromium/issues/detail?id=622522
https://bugs.chromium.org/p/chromium/issues/detail?id=620952
https://bugs.chromium.org/p/chromium/issues/detail?id=600953
https://bugs.chromium.org/p/chromium/issues/detail?id=612939
https://bugs.chromium.org/p/chromium/issues/detail?id=599458
https://chromium.googlesource.com/webm/libvpx
https://bugs.chromium.org/p/chromium/issues/detail?id=614701
https://bugs.chromium.org/p/chromium/issues/detail?id=609286
https://bugs.chromium.org/p/chromium/issues/detail?id=590619
https://bugs.chromium.org/p/chromium/issues/detail?id=615820
https://bugs.chromium.org/p/chromium/issues/detail?id=619382