CVE-2016-1628 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1628
pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions. pi.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 48.0.2564.109, no valida cierto valor precision, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango) a través de una imagen JPEG 2000 manipulada en un documento PDF, relacionado con las funciones opj_pi_next_rpcl, opj_pi_next_pcrl y opj_pi_next_cprl. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 images. A specially crafted JPEG2000 image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.debian.org/security/2017/dsa-4013 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 http://www.zerodayinitiative.com/advisories/ZDI-16-172 https://code.google.com/p/chromium/issues/detail?id=571479 https://codereview.chromium.org/1590593002 https://security.gentoo.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2016-1627 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1627
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. El subsistema Developer Tools (también conocido como DevTools) en Google Chrome en versiones anteriores a 48.0.2564.109 no valida esquemas URL y asegura que el parámetro remoteBase esta asociado con una URL chrome-devtools-frontend.appspot.com, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso a través de una URL manipulada, relacionado con browser/devtools/devtools_ui_bindings.cc y WebKit/Source/devtools/front_end/Runtime.js. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 https://code.google.com/p/chromium/issues/detail?id=571121 https://code.google.com/p/chromium/issu • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-1623 – chromium-browser: same-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2016-1623
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp. La implementación DOM en Google Chrome en versiones anteriores a 48.0.2564.109 no restringe adecuadamente que las operaciones frame-attach ocurran durante o después de las operaciones frame-detach, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un sitio web manipulado, relacionado con FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp y WebLocalFrameImpl.cpp. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 http://www.ubuntu.com/usn/USN-2895-1 https://code.google.com/p/chromium/issues/detail?id=577105 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-1625 – chromium-browser: navigation bypass in Chrome Instant
https://notcve.org/view.php?id=CVE-2016-1625
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc. La funcionalidad Chrome Instant en Google Chrome en versiones anteriores a 48.0.2564.109 no asegura que un destino de navegación New Tab Page (NTP) se encuentre en las listas de más visitados o sugerencias, lo que permite a atacantes remotos eludir las restricciones previstas a través de vectores no especificados, relacionado con instant_service.cc y search_tab_helper.cc. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 https://code.google.com/p/chromium/issues/detail?id=509313 https://codereview.chromium.org/1669723002 ht • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-1624 – chromium-browser: buffer overflow in Brotli
https://notcve.org/view.php?id=CVE-2016-1624
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression. Desbordamiento inferior de entero en la función ProcessCommandsInternal en dec/decode.c en Brotli, como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.109, permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de datos manipulados con compresión brotli. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 http://www.ubuntu.com/usn/USN-2895-1 https://code.google.com/p/chromium/issues/detail?id=583607 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •