Google Chrome: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0059
      Multiple vulnerabilities have been identified in Google Chrome
                                27 May 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Chrome
Operating System:     Windows
                      OS X
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-1695 CVE-2016-1694 CVE-2016-1693
                      CVE-2016-1692 CVE-2016-1691 CVE-2016-1690
                      CVE-2016-1689 CVE-2016-1688 CVE-2016-1687
                      CVE-2016-1686 CVE-2016-1685 CVE-2016-1684
                      CVE-2016-1683 CVE-2016-1682 CVE-2016-1681
                      CVE-2016-1680 CVE-2016-1679 CVE-2016-1678
                      CVE-2016-1677 CVE-2016-1676 CVE-2016-1675
                      CVE-2016-1674 CVE-2016-1673 CVE-2016-1672
Member content until: Saturday, June 25 2016

OVERVIEW

        Multiple vulnerabilities have been identified in Google Chrome prior
        to version 51.0.2704.63. [1]


IMPACT

        The vendor has provided the following information:
        
        "This update includes 42 security fixes. Below, we highlight fixes
        that were contributed by external researchers. Please see the 
        Chromium security page for more information.
        
        [$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension
        bindings. Credit to Mariusz Mlynski.
        
        [$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. 
        Credit to Mariusz Mlynski.
        
        [$7500][598165] High CVE-2016-1674: Cross-origin bypass in 
        extensions. Credit to Mariusz Mlynski.
        
        [$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. 
        Credit to Mariusz Mlynski.
        
        [$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension
        bindings. Credit to Rob Wu.
        
        [$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit 
        to Guang Gong of Qihoo 360.
        
        [$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to 
        Christian Holler.
        
        [$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 
        bindings. Credit to Rob Wu.
        
        [$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. 
        Credit to Atte Kettunen of OUSPG.
        
        [$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit
        to Aleksandar Nikolic of Cisco Talos.
        
        [$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker.
        Credit to KingstonTime.
        
        [$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in 
        libxslt. Credit to Nicolas Gregoire.
        
        [$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. 
        Credit to Nicolas Gregoire.
        
        [$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium.
        Credit to Ke Liu of Tencent's Xuanwu LAB.
        
        [$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium.
        Credit to Ke Liu of Tencent's Xuanwu LAB.
        
        [$1000][603748] Medium CVE-2016-1687: Information leak in 
        extensions. Credit to Rob Wu.
        
        [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. 
        Credit to Max Korenko.
        
        [$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media.
        Credit to Atte Kettunen of OUSPG.
        
        [$1000][608100] Medium CVE-2016-1690: Heap use-after-free in 
        Autofill. Credit to Rob Wu.
        
        [$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. 
        Credit to Atte Kettunen of OUSPG.
        
        [$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in 
        ServiceWorker. Credit to Til Jasper Ullrich.
        
        [$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal
        Tool. Credit to Khalil Zhani.
        
        [$500][603682] Low CVE-2016-1694: HPKP pins removed on cache 
        clearance. Credit to Ryan Lester.
        
        We would also like to thank all security researchers that worked 
        with us during the development cycle to prevent security bugs from 
        ever reaching the stable channel.
        
        As usual, our ongoing internal security work was responsible for a 
        wide range of fixes:
        
        [614767] CVE-2016-1695: Various fixes from internal audits, 
        fuzzing and other initiatives." [1]


MITIGATION

        The vendor recommends upgrading to the latest version. [1]


REFERENCES

        [1] Stable Channel Update
            http://googlechromereleases.blogspot.com.au/2016/05/stable-channel-update_25.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV0edz36ZAP0PgtI9AQJc6w/+KinoyZqN5BBRKMcETbsUm4VI3iO0icDz
FL+b3K6oHlzdQJV/kXAA7cyuliUaeBN0Q/TkPRivMiB5SVu0diVHdVd4Y/vTWSyU
19LP1J86CDr9rNmPnQlegTJBLE0x1IbB9CTHajAq63lfyXVqKWuvB15YNs7eqglR
UTwnQusThmc+xGnPSqepiTimniAK4/SgBFq/hYTlC6lf+m2uN+AJUUZ80FO854ZA
QRfpvvQqZcuo7zNR4J4GeYWdVPlPG8hBMY7E3lbTx4ZEtYoNTr3v2XOcrpf39jT7
3DJ9hOydsW0tFrE8EgMNqISoJxmWqQvVjvIBJ5Oyve5D6ByRNFEqTboq0a1hOaYH
L9f9MGrAzrpm8rGz4ESCMq125OPs7rOetNocYZcmafsP8EXyxvCdHE6coyVUqmrE
B9wpRSOO6GR4Zk0OBEyBpBiKIQt2sZD4vBabCjjIgS0kuUrYsOt8J85zG1YONs2M
NDl5ceSVU/R1wHoVk46Zfcf0IZigM/6B+CoMne2m6KrQmFO78G87veOzULlP9j+k
ZVYxADPo0TsIeDfShmziER454nbOHdJ6M7vx3YGekSCUatHCUGFuxMy9G/jNld/A
CG2M+Bf33DuvTTE5vGgtOEMtAEG8KejLVtf87D/4M8yw+T+BkB41+8mkxxbQeHhW
+rZjyg3+dFk=
=pnJM
-----END PGP SIGNATURE-----