Blink in Google Chrome before 54.0.2840.59 for Windows, Mac, and Linux, and before 54.0.2840.85 for Android, incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote malicious user to perform an out-of-bounds memory read via crafted HTML pages.
Vulnerable Product: Google Chrome
None critical, some embarrassing, all worth the auto-upgrade
Google has patched 21 bugs in its Chrome web browser, closing six high-severity holes along the way. Mountain View paid US$29,133 for the bugs, including a top payout of US$7500 (CVE-2016-5181) for a universal cross-site scripting hole in Blink, and US$5500 (CVE-2016-5182) for a heap overflow in the same web browser engine. Four vulnerabilities affecting the Blink engine were patched, including a cross-origin bypass and a use-after-free, but Google did not reveal further details. Two use-after-...