Redhat Enterprise Linux Desktop Supplementary vulnerabilities

CVE-2016-1666 [CRITICAL] CVE-2016-1666: Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2016-1662 [CRITICAL] CVE-2016-1662: extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback ex extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.

CVE-2016-1663 [HIGH] CVE-2016-1663: The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/Serialize The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via

CVE-2016-1661 [HIGH] CWE-20 CVE-2016-1661: Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWin

CVE-2016-1660 [HIGH] CWE-20 CVE-2016-1660: Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.

CVE-2016-1664 [MEDIUM] CWE-254 CVE-2016-1664: The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.

CVE-2016-1665 [MEDIUM] CWE-20 CVE-2016-1665: The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrom The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code.

CVE-2015-8540 [HIGH] CWE-189 CVE-2015-8540: Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

CVE-2016-2051 [CRITICAL] CVE-2016-2051: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2015-1276 [CRITICAL] CVE-2015-1276: Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the Indexe Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.

CVE-2015-1284 [HIGH] CWE-20 CVE-2015-1284: The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrom The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code

CVE-2015-1279 [HIGH] CWE-189 CVE-2015-1279: Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.

CVE-2015-1277 [HIGH] CVE-2015-1277: Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.8 Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.

CVE-2015-1272 [HIGH] CVE-2015-1272: Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and

CVE-2015-1280 [HIGH] CWE-119 CVE-2015-1280: SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers t SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.

CVE-2015-1289 [HIGH] CVE-2015-1289: Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2015-1273 [MEDIUM] CWE-119 CVE-2015-1273: Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome bef Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.

CVE-2015-1286 [MEDIUM] CWE-79 CVE-2015-1286: Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."

CVE-2015-1288 [MEDIUM] CVE-2015-1288: The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.

CVE-2015-1274 [MEDIUM] CWE-254 CVE-2015-1274: Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file t Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.