The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Opera Web browser

computer vulnerability CVE-2016-5203 CVE-2016-5204 CVE-2016-5205

Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 02/12/2016.
Revision dates: 01/02/2017, 15/06/2017.
Identifiers: 1000, 994, CERTFR-2016-AVI-394, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, DSA-3731-1, FEDORA-2016-a815b7bf5d, FEDORA-2016-e0e1cb2b2b, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:3108-1, openSUSE-SU-2017:0434-1, openSUSE-SU-2017:0563-1, openSUSE-SU-2017:0565-1, RHSA-2016:2919-01, USN-3153-1, VIGILANCE-VUL-21255.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can bypass security features via V8, in order to obtain sensitive information. [severity:3/4; CVE-2016-9651]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5208]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5207]

An attacker can bypass the origin check via PDFium, in order to access the victim's data. [severity:3/4; CVE-2016-5206]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5205]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5204]

An attacker can generate a buffer overflow via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5209]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5203]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5210]

An attacker can bypass security features via DevTools, in order to obtain sensitive information. [severity:3/4; CVE-2016-5212]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5211]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5213]

An attacker can bypass security features via File Download, in order to obtain sensitive information. [severity:2/4; CVE-2016-5214]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5216]

An attacker can force the usage of a freed memory area via Webaudio, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5215]

An attacker can generate a memory corruption via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5217]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5218]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21621). [severity:2/4; CVE-2016-5219]

An attacker can generate an integer overflow via ANGLE, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5221]

An attacker can bypass file access restrictions via PDFium, in order to obtain sensitive information. [severity:2/4; CVE-2016-5220]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5222]

An attacker can bypass security features via CSP Referrer, in order to obtain sensitive information. [severity:1/4; CVE-2016-9650]

An attacker can generate an integer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-5223]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:1/4; CVE-2016-5226]

An attacker can bypass security features via Blink, in order to obtain sensitive information. [severity:1/4; CVE-2016-5225]

An attacker can bypass the origin check via SVG, in order to access the victim's data. [severity:1/4; CVE-2016-5224]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9652]

An unknown vulnerability was announced via HTMLKeygenElement::shadowSelect(). [severity:2/4; 994]

computer vulnerability CVE-2017-5070 CVE-2017-5071 CVE-2017-5072

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 06/06/2017.
Identifiers: 1232, CERTFR-2017-AVI-168, CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074, CVE-2017-5075, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078, CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083, CVE-2017-5085, CVE-2017-5086, FEDORA-2017-1e34da27f3, FEDORA-2017-a66e2c5b62, FEDORA-2017-a7a488d8d0, FEDORA-2017-b8d76bef4e, openSUSE-SU-2017:1501-1, openSUSE-SU-2017:1502-1, RHSA-2017:1399-01, VIGILANCE-VUL-22905.

Description of the vulnerability

An attacker can use several vulnerabilities of Chrome.

A detailed analysis was not performed for this bulletin.

computer vulnerability announce CVE-2017-5090

Chrome, Firefox: site spoofing via homographs

Synthesis of the vulnerability

An attacker can use a URL with Unicode characters looking like ASCII characters, in order to deceive the victim.
Impacted products: Chrome, Firefox, SeaMonkey, Opera.
Severity: 2/4.
Creation date: 18/04/2017.
Identifiers: 1332714, CVE-2017-5090, VIGILANCE-VUL-22467.

Description of the vulnerability

Several Unicode characters (such as U+0430) look like the ASCII 'a' character. Some attackers use domain names containing these variants, in order to invite the victim to click on a link.

This type of attack, based on homographs, was already described in several bulletins (VIGILANCE-VUL-4729 and VIGILANCE-VUL-8497). Fixes are applied in most software.

However, when the name is composed only of Unicode characters, the Chrome and Firefox protections are bypassed. For example, https://xn--e1awd7f.com/ is displayed as https://www.epic.com/. Moreover, because a valid certificate for this domain can be obtained via Let's Encrypt, an attacker can easily spoof a TLS site.

An attacker can therefore use a URL with Unicode characters looking like ASCII characters, in order to deceive the victim.
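The following check is an added example, not part of the bulletin or of any browser's code: it decodes the punycode label quoted above and shows why a test that only flags labels mixing scripts (an assumed simplification of the earlier protections) misses a name written entirely in one lookalike script, while a comparison against an ASCII skeleton catches it. The function names and the small Cyrillic lookalike table are constructed for illustration.

```python
import unicodedata

# Constructed, partial table of Cyrillic letters that render like ASCII letters.
# Assumption for this example; a real check would use the Unicode confusables data.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0455": "s", "\u0458": "j", "\u04bb": "h", "\u0501": "d",
}


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- (punycode) labels."""
    if label.lower().startswith("xn--"):
        return label[4:].lower().encode("ascii").decode("punycode")
    return label


def script_of(ch):
    """Coarse script name taken from the Unicode character name, e.g. CYRILLIC."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def classify_label(label):
    """Return (verdict, ascii_skeleton_or_None) for one label."""
    try:
        text = decode_label(label)
    except UnicodeError:
        return "invalid-punycode", None
    if text.isascii():
        return "ascii", text
    scripts = {script_of(c) for c in text} - {"COMMON"}
    if len(scripts) > 1:
        # Latin mixed with another script: the case a mixed-script check flags.
        return "mixed-script", None
    skeleton = "".join(CYRILLIC_LOOKALIKES.get(c, c) for c in text)
    if skeleton.isascii():
        # Single script, yet every character reads as ASCII: the bypass case.
        return "whole-script-lookalike", skeleton
    return "idn", None


def spoofed_as(host):
    """ASCII name the host reads as, or None when no label is a whole-script lookalike."""
    results = [(lab,) + classify_label(lab) for lab in host.rstrip(".").split(".")]
    if not any(verdict == "whole-script-lookalike" for _, verdict, _ in results):
        return None
    return ".".join(skel if skel is not None else lab for lab, _, skel in results)


if __name__ == "__main__":
    # The first host is the bulletin's example; the others are constructed samples.
    for host in ("xn--e1awd7f.com", "ep\u0456c.com", "www.example.com"):
        print(ascii(host), "->", spoofed_as(host))
```

A mail gateway or proxy log filter can apply `spoofed_as` to each hostname and compare the result against a list of names the organisation cares about.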

vulnerability alert CVE-2017-5052 CVE-2017-5053 CVE-2017-5054

Chrome: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Impacted products: Fedora, Chrome, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Creation date: 30/03/2017.
Identifiers: CERTFR-2017-AVI-095, CVE-2017-5052, CVE-2017-5053, CVE-2017-5054, CVE-2017-5055, CVE-2017-5056, FEDORA-2017-5b199bf121, FEDORA-2017-ff6940bf63, openSUSE-SU-2017:0908-1, openSUSE-SU-2017:0909-1, RHSA-2017:0860-01, VIGILANCE-VUL-22291.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can force the usage of a freed memory area via Printing, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-5055]

An attacker can generate a buffer overflow via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5054]

An attacker can generate a memory corruption via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5052]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-5056]

An attacker can force a read at an invalid address via V8, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-5053]

vulnerability CVE-2016-5199 CVE-2016-5200 CVE-2016-5201

Chrome: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 10/11/2016.
Identifiers: CERTFR-2016-AVI-376, CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, DSA-3731-1, FEDORA-2016-a815b7bf5d, FEDORA-2016-e0e1cb2b2b, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:2792-1, openSUSE-SU-2016:2793-1, RHSA-2016:2718-01, USN-3133-1, VIGILANCE-VUL-21090.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can generate a memory corruption via FFmpeg, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21224). [severity:3/4; CVE-2016-5199]

An attacker can force a read at an invalid address via V8, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-5200]

An attacker can bypass security features via Extensions, in order to obtain sensitive information. [severity:2/4; CVE-2016-5201]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5202]

computer vulnerability bulletin CVE-2016-5198

V8: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of V8, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 03/11/2016.
Identifiers: CERTFR-2016-AVI-367, CVE-2016-5198, DSA-3731-1, FEDORA-2016-012de4c97e, FEDORA-2016-c671aae490, openSUSE-SU-2016:2732-1, openSUSE-SU-2016:2733-1, openSUSE-SU-2016:2783-1, openSUSE-SU-2016:2783-2, RHSA-2016:2672-01, USN-3133-1, VIGILANCE-VUL-21038.

Description of the vulnerability

An attacker can generate a memory corruption of V8, in order to trigger a denial of service, and possibly to run code.

Technical details are unknown.

computer vulnerability alert CVE-2016-5181 CVE-2016-5182 CVE-2016-5183

Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-345, CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193, CVE-2016-5194, DSA-3731-1, FEDORA-2016-012de4c97e, FEDORA-2016-c671aae490, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:2597-1, openSUSE-SU-2016:2783-1, openSUSE-SU-2016:2783-2, RHSA-2016:2067-01, SUSE-SU-2016:2598-1, USN-3113-1, VIGILANCE-VUL-20866.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5181]

An attacker can generate a buffer overflow via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5182]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5183]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5184]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5185]

An attacker can alter displayed information via URL, in order to deceive the victim. [severity:2/4; CVE-2016-5187]

An attacker can alter displayed information via UI, in order to deceive the victim. [severity:2/4; CVE-2016-5188]

An attacker can bypass security features via Blink, in order to escalate his privileges. [severity:2/4; CVE-2016-5192]

An attacker can alter displayed information via URL, in order to deceive the victim. [severity:2/4; CVE-2016-5189]

An attacker can force a read at an invalid address via DevTools, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-5186]

An attacker can trigger a Cross Site Scripting via Bookmarks, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-5191]

An attacker can force the usage of a freed memory area via Internals, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5190]

An attacker can bypass security features via Scheme Bypass, in order to escalate his privileges. [severity:2/4; CVE-2016-5193]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5194]

vulnerability alert CVE-2016-5177 CVE-2016-5178

Google Chrome: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/09/2016.
Identifiers: CERTFR-2016-AVI-324, CVE-2016-5177, CVE-2016-5178, DSA-3683-1, FEDORA-2016-2e50862950, FEDORA-2016-d61c4f72da, openSUSE-SU-2016:2429-1, openSUSE-SU-2016:2432-1, RHSA-2016:2007-01, USN-3091-1, VIGILANCE-VUL-20741.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can force the usage of a freed memory area via the JavaScript interpreter V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5177]

An attacker can generate several memory corruptions, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5178]

An unknown vulnerability was announced. [severity:3/4]

vulnerability alert CVE-2016-5170 CVE-2016-5171 CVE-2016-5172

Google Chrome: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 14/09/2016.
Identifiers: CERTFR-2016-AVI-305, CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174, CVE-2016-5175, CVE-2016-5176, DSA-3667-1, FEDORA-2016-03b199bec6, FEDORA-2016-2e50862950, FEDORA-2016-b15185b72a, openSUSE-SU-2016:2309-1, openSUSE-SU-2016:2310-1, openSUSE-SU-2016:2311-1, RHSA-2016:1905-01, USN-3091-1, VIGILANCE-VUL-20611, ZDI-16-524.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5170]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5171]

An attacker can force a read at an invalid address via V8, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-5172]

An attacker can bypass security features via Extension, in order to escalate his privileges. [severity:2/4; CVE-2016-5173]

An attacker can alter displayed information via Popup, in order to deceive the victim. [severity:2/4; CVE-2016-5174]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5175]

An attacker can bypass security features of SafeBrowsing, in order to escalate his privileges. [severity:3/4; CVE-2016-5176, ZDI-16-524]

computer vulnerability CVE-2016-5147 CVE-2016-5148 CVE-2016-5149

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 01/09/2016.
Identifiers: CERTFR-2016-AVI-293, CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5160, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5167, DSA-3660-1, FEDORA-2016-2e50862950, FEDORA-2016-bf8c64a060, openSUSE-SU-2016:2250-1, openSUSE-SU-2016:2296-1, openSUSE-SU-2016:2349-1, RHSA-2016:1854-01, SUSE-SU-2016:2251-1, USN-3058-1, VIGILANCE-VUL-20505, ZDI-16-501.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:4/4; CVE-2016-5147]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:4/4; CVE-2016-5148]

An attacker can use a vulnerability via Script Injection, in order to run code. [severity:4/4; CVE-2016-5149]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5150]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5151]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-24293). [severity:4/4; CVE-2016-5152]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5153]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5154]

An attacker can alter displayed information via Address Bar, in order to deceive the victim. [severity:4/4; CVE-2016-5155]

An attacker can force the usage of a freed memory area via Event Bindings, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5156]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-24294). [severity:4/4; CVE-2016-5157]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5158]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5159]

An attacker can generate a memory corruption via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5161, ZDI-16-501]

An attacker can bypass security features via Extensions, in order to escalate his privileges. [severity:3/4; CVE-2016-5162]

An attacker can alter displayed information via Address Bar, in order to deceive the victim. [severity:3/4; CVE-2016-5163]

An attacker can trigger a Cross Site Scripting via DevTools, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5164]

An attacker can use a vulnerability via DevTools, in order to run code. [severity:3/4; CVE-2016-5165]

An attacker can bypass access restrictions via SMB Relay Attack, in order to read or alter data. [severity:3/4; CVE-2016-5166]

An attacker can bypass security features via Extensions, in order to escalate his privileges. [severity:2/4; CVE-2016-5160]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5167]