The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Google Chrome

vulnerability CVE-2016-5199 CVE-2016-5200 CVE-2016-5201

Chrome: four vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/11/2016.
Identifiers: CERTFR-2016-AVI-376, CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, DSA-3731-1, FEDORA-2016-a815b7bf5d, FEDORA-2016-e0e1cb2b2b, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:2792-1, openSUSE-SU-2016:2793-1, RHSA-2016:2718-01, USN-3133-1, VIGILANCE-VUL-21090.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can generate a memory corruption via FFmpeg, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21224). [severity:3/4; CVE-2016-5199]

An attacker can force a read at an invalid address via V8, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-5200]

An attacker can bypass security features via Extensions, in order to obtain sensitive information. [severity:2/4; CVE-2016-5201]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5202]

computer vulnerability bulletin CVE-2016-5198

V8: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of V8, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/11/2016.
Identifiers: CERTFR-2016-AVI-367, CVE-2016-5198, DSA-3731-1, FEDORA-2016-012de4c97e, FEDORA-2016-c671aae490, openSUSE-SU-2016:2732-1, openSUSE-SU-2016:2733-1, openSUSE-SU-2016:2783-1, openSUSE-SU-2016:2783-2, RHSA-2016:2672-01, USN-3133-1, VIGILANCE-VUL-21038.

Description of the vulnerability

An attacker can generate a memory corruption of V8, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2016-5131

libxml2: use after free via xmlXPtrRangeToFunction

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via xmlXPtrRangeToFunction of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, Android OS, Chrome, libxml, openSUSE Leap, Opera, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2016.
Identifiers: CERTFR-2018-AVI-288, CVE-2016-5131, DLA-691-1, DSA-3744-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, FEDORA-2018-a6b59d8f78, FEDORA-2018-db610fff5b, HT207143, HT207170, openSUSE-SU-2018:0418-1, SSA:2017-266-01, TNS-2018-08, USN-3235-1, VIGILANCE-VUL-20993.

Description of the vulnerability

An attacker can force the usage of a freed memory area via xmlXPtrRangeToFunction of libxml2, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2016-4658

libxml2: use after free via Namespace

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Namespace of libxml2, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, Android OS, Chrome, libxml, openSUSE, openSUSE Leap, Opera, Slackware, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/11/2016.
Identifiers: CVE-2016-4658, DLA-691-1, DSA-3744-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, FEDORA-2018-a6b59d8f78, FEDORA-2018-db610fff5b, HT207143, HT207170, openSUSE-SU-2016:2711-1, openSUSE-SU-2016:2730-1, openSUSE-SU-2017:0446-1, SSA:2017-266-01, USN-3235-1, VIGILANCE-VUL-20992.

Description of the vulnerability

An attacker can force the usage of a freed memory area via Namespace of libxml2, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2016-5181 CVE-2016-5182 CVE-2016-5183

Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, client access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-345, CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193, CVE-2016-5194, DSA-3731-1, FEDORA-2016-012de4c97e, FEDORA-2016-c671aae490, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:2597-1, openSUSE-SU-2016:2783-1, openSUSE-SU-2016:2783-2, RHSA-2016:2067-01, SUSE-SU-2016:2598-1, USN-3113-1, VIGILANCE-VUL-20866.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5181]

An attacker can generate a buffer overflow via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5182]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5183]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5184]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5185]

An attacker can alter displayed information via URL, in order to deceive the victim. [severity:2/4; CVE-2016-5187]

An attacker can alter displayed information via UI, in order to deceive the victim. [severity:2/4; CVE-2016-5188]

An attacker can bypass security features via Blink, in order to escalate his privileges. [severity:2/4; CVE-2016-5192]

An attacker can alter displayed information via URL, in order to deceive the victim. [severity:2/4; CVE-2016-5189]

An attacker can force a read at an invalid address via DevTools, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-5186]

An attacker can trigger a Cross Site Scripting via Bookmarks, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-5191]

An attacker can force the usage of a freed memory area via Internals, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5190]

An attacker can bypass security features via Scheme Bypass, in order to escalate his privileges. [severity:2/4; CVE-2016-5193]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5194]

vulnerability alert CVE-2016-5177 CVE-2016-5178

Google Chrome: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 30/09/2016.
Identifiers: CERTFR-2016-AVI-324, CVE-2016-5177, CVE-2016-5178, DSA-3683-1, FEDORA-2016-2e50862950, FEDORA-2016-d61c4f72da, openSUSE-SU-2016:2429-1, openSUSE-SU-2016:2432-1, RHSA-2016:2007-01, USN-3091-1, VIGILANCE-VUL-20741.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can force the usage of a freed memory area via the JavaScript interpreter V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5177]

An attacker can generate several memory corruptions, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5178]

An unknown vulnerability was announced. [severity:3/4]

computer vulnerability note CVE-2016-7549

Google Chrome: out-of-bounds memory reading via RenderFrame

Synthesis of the vulnerability

An attacker can force a read at an invalid address via RenderFrame of Google Chrome, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Chrome, Opera, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on client.
Provenance: document.
Creation date: 26/09/2016.
Identifiers: 646394, CVE-2016-7549, USN-3091-1, VIGILANCE-VUL-20699.

Description of the vulnerability

An attacker can force a read at an invalid address via RenderFrame of Google Chrome, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability alert CVE-2016-5170 CVE-2016-5171 CVE-2016-5172

Google Chrome: seven vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 14/09/2016.
Identifiers: CERTFR-2016-AVI-305, CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174, CVE-2016-5175, CVE-2016-5176, DSA-3667-1, FEDORA-2016-03b199bec6, FEDORA-2016-2e50862950, FEDORA-2016-b15185b72a, openSUSE-SU-2016:2309-1, openSUSE-SU-2016:2310-1, openSUSE-SU-2016:2311-1, RHSA-2016:1905-01, USN-3091-1, VIGILANCE-VUL-20611, ZDI-16-524.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5170]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5171]

An attacker can force a read at an invalid address via V8, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-5172]

An attacker can bypass security features via Extension, in order to escalate his privileges. [severity:2/4; CVE-2016-5173]

An attacker can alter displayed information via Popup, in order to deceive the victim. [severity:2/4; CVE-2016-5174]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5175]

An attacker can bypass security features of SafeBrowsing, in order to escalate his privileges. [severity:3/4; CVE-2016-5176, ZDI-16-524]

computer vulnerability alert CVE-2016-7395

Google Chrome: out-of-bounds memory reading via ChopMonoAtY

Synthesis of the vulnerability

An attacker can force a read at an invalid address via ChopMonoAtY of Google Chrome, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/09/2016.
Identifiers: 613918, CVE-2016-7395, DSA-3667-1, FEDORA-2016-bf8c64a060, openSUSE-SU-2016:2250-1, openSUSE-SU-2016:2296-1, openSUSE-SU-2016:2349-1, SUSE-SU-2016:2251-1, VIGILANCE-VUL-20576.

Description of the vulnerability

An attacker can force a read at an invalid address via ChopMonoAtY of Google Chrome, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability CVE-2016-5147 CVE-2016-5148 CVE-2016-5149

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 01/09/2016.
Identifiers: CERTFR-2016-AVI-293, CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5160, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5167, DSA-3660-1, FEDORA-2016-2e50862950, FEDORA-2016-bf8c64a060, openSUSE-SU-2016:2250-1, openSUSE-SU-2016:2296-1, openSUSE-SU-2016:2349-1, RHSA-2016:1854-01, SUSE-SU-2016:2251-1, USN-3058-1, VIGILANCE-VUL-20505, ZDI-16-501.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:4/4; CVE-2016-5147]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:4/4; CVE-2016-5148]

An attacker can use a vulnerability via Script Injection, in order to run code. [severity:4/4; CVE-2016-5149]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5150]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5151]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-24293). [severity:4/4; CVE-2016-5152]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5153]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5154]

An attacker can alter displayed information via Address Bar, in order to deceive the victim. [severity:4/4; CVE-2016-5155]

An attacker can force the usage of a freed memory area via Event Bindings, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5156]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-24294). [severity:4/4; CVE-2016-5157]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5158]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5159]

An attacker can generate a memory corruption via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5161, ZDI-16-501]

An attacker can bypass security features via Extensions, in order to escalate his privileges. [severity:3/4; CVE-2016-5162]

An attacker can alter displayed information via Address Bar, in order to deceive the victim. [severity:3/4; CVE-2016-5163]

An attacker can trigger a Cross Site Scripting via DevTools, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5164]

An attacker can use a vulnerability via DevTools, in order to run code. [severity:3/4; CVE-2016-5165]

An attacker can bypass access restrictions via SMB Relay Attack, in order to read or alter data. [severity:3/4; CVE-2016-5166]

An attacker can bypass security features via Extensions, in order to escalate his privileges. [severity:2/4; CVE-2016-5160]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5167]