Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2016-AVI-305
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Chrome versions antérieures à 53.0.2785.113 pour Windows, Mac, et Linux
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Chrome versions ant\u00e9rieures \u00e0 53.0.2785.113 pour Windows, Mac, et Linux\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5174"
},
{
"name": "CVE-2016-5171",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5171"
},
{
"name": "CVE-2016-5175",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5175"
},
{
"name": "CVE-2016-5172",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5172"
},
{
"name": "CVE-2016-5170",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5170"
},
{
"name": "CVE-2016-5173",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5173"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-305",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 13 septembre 2016",
"url": "https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)"
}
]
}
CVE-2016-5174 (GCVE-0-2016-5174)
Vulnerability from cvelistv5 – Published: 2016-09-25 20:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/579934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2053343003"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/579934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2053343003"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://crbug.com/579934",
"refsource": "CONFIRM",
"url": "https://crbug.com/579934"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "https://codereview.chromium.org/2053343003",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2053343003"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5174",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5173 (GCVE-0-2016-5173)
Vulnerability from cvelistv5 – Published: 2016-09-25 20:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/1840453002"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/468931"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/497507"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/471523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/1840453002"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/468931"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/497507"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/471523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "https://codereview.chromium.org/1840453002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1840453002"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "https://crbug.com/468931",
"refsource": "CONFIRM",
"url": "https://crbug.com/468931"
},
{
"name": "https://crbug.com/497507",
"refsource": "MISC",
"url": "https://crbug.com/497507"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"name": "https://crbug.com/471523",
"refsource": "MISC",
"url": "https://crbug.com/471523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5173",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5175 (GCVE-0-2016-5175)
Vulnerability from cvelistv5 – Published: 2016-09-25 20:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/619217"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/646394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/638166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/619217"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/646394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/638166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://crbug.com/619217",
"refsource": "CONFIRM",
"url": "https://crbug.com/619217"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"name": "https://crbug.com/646394",
"refsource": "CONFIRM",
"url": "https://crbug.com/646394"
},
{
"name": "https://crbug.com/638166",
"refsource": "CONFIRM",
"url": "https://crbug.com/638166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5175",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5172 (GCVE-0-2016-5172)
Vulnerability from cvelistv5 – Published: 2016-09-25 20:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/616386"
},
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2077283004"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/616386"
},
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2077283004"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/616386",
"refsource": "CONFIRM",
"url": "https://crbug.com/616386"
},
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "https://codereview.chromium.org/2077283004",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2077283004"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5172",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5170 (GCVE-0-2016-5170)
Vulnerability from cvelistv5 – Published: 2016-09-25 20:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/641101"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2332003002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/641101"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2332003002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "https://crbug.com/641101",
"refsource": "CONFIRM",
"url": "https://crbug.com/641101"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"name": "https://codereview.chromium.org/2332003002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2332003002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5170",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5171 (GCVE-0-2016-5171)
Vulnerability from cvelistv5 – Published: 2016-09-25 20:00 – Updated: 2024-08-06 00:53
VLAI?
EPSS
Summary
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/643357"
},
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2306023002"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/643357"
},
{
"name": "DSA-3667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2306023002"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/643357",
"refsource": "CONFIRM",
"url": "https://crbug.com/643357"
},
{
"name": "DSA-3667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3667"
},
{
"name": "1036826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036826"
},
{
"name": "92942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92942"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "https://codereview.chromium.org/2306023002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2306023002"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5171",
"datePublished": "2016-09-25T20:00:00",
"dateReserved": "2016-05-31T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…