|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Chrome: four vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Creation date: 10/11/2016.
Identifiers: CERTFR-2016-AVI-376, CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, DSA-3731-1, FEDORA-2016-a815b7bf5d, FEDORA-2016-e0e1cb2b2b, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:2792-1, openSUSE-SU-2016:2793-1, RHSA-2016:2718-01, USN-3133-1, VIGILANCE-VUL-21090.
Description of the vulnerability
Several vulnerabilities were announced in Chrome.
An attacker can generate a memory corruption via FFmpeg, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21224). [severity:3/4; CVE-2016-5199]
An attacker can force a read at an invalid address via V8, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-5200]
An attacker can bypass security features via Extensions, in order to obtain sensitive information. [severity:2/4; CVE-2016-5201]
An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5202]
Complete Vigil@nce bulletin.... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides systems vulnerabilities bulletins. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.