Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2016.0059 Multiple vulnerabilities have been identified in Google Chrome 27 May 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Google Chrome Operating System: Windows OS X Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-1695 CVE-2016-1694 CVE-2016-1693 CVE-2016-1692 CVE-2016-1691 CVE-2016-1690 CVE-2016-1689 CVE-2016-1688 CVE-2016-1687 CVE-2016-1686 CVE-2016-1685 CVE-2016-1684 CVE-2016-1683 CVE-2016-1682 CVE-2016-1681 CVE-2016-1680 CVE-2016-1679 CVE-2016-1678 CVE-2016-1677 CVE-2016-1676 CVE-2016-1675 CVE-2016-1674 CVE-2016-1673 CVE-2016-1672 Member content until: Saturday, June 25 2016 OVERVIEW Multiple vulnerabilities have been identified in Google Chrome prior to version 51.0.2704.63. [1] IMPACT The vendor has provided the following information: "This update includes 42 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information. [$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. [$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. [$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. [$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. [$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu. [$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360. [$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler. [$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu. [$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG. [$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos. [$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime. [$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire. [$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire. [$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. [$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB. [$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko. [$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG. [$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu. [$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG. [$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich. [$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani. [$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. As usual, our ongoing internal security work was responsible for a wide range of fixes: [614767] CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives." [1] MITIGATION The vendor recommends upgrading to the latest version. [1] REFERENCES [1] Stable Channel Update http://googlechromereleases.blogspot.com.au/2016/05/stable-channel-update_25.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV0edz36ZAP0PgtI9AQJc6w/+KinoyZqN5BBRKMcETbsUm4VI3iO0icDz FL+b3K6oHlzdQJV/kXAA7cyuliUaeBN0Q/TkPRivMiB5SVu0diVHdVd4Y/vTWSyU 19LP1J86CDr9rNmPnQlegTJBLE0x1IbB9CTHajAq63lfyXVqKWuvB15YNs7eqglR UTwnQusThmc+xGnPSqepiTimniAK4/SgBFq/hYTlC6lf+m2uN+AJUUZ80FO854ZA QRfpvvQqZcuo7zNR4J4GeYWdVPlPG8hBMY7E3lbTx4ZEtYoNTr3v2XOcrpf39jT7 3DJ9hOydsW0tFrE8EgMNqISoJxmWqQvVjvIBJ5Oyve5D6ByRNFEqTboq0a1hOaYH L9f9MGrAzrpm8rGz4ESCMq125OPs7rOetNocYZcmafsP8EXyxvCdHE6coyVUqmrE B9wpRSOO6GR4Zk0OBEyBpBiKIQt2sZD4vBabCjjIgS0kuUrYsOt8J85zG1YONs2M NDl5ceSVU/R1wHoVk46Zfcf0IZigM/6B+CoMne2m6KrQmFO78G87veOzULlP9j+k ZVYxADPo0TsIeDfShmziER454nbOHdJ6M7vx3YGekSCUatHCUGFuxMy9G/jNld/A CG2M+Bf33DuvTTE5vGgtOEMtAEG8KejLVtf87D/4M8yw+T+BkB41+8mkxxbQeHhW +rZjyg3+dFk= =pnJM -----END PGP SIGNATURE-----