Multiple issues in Blink in Google Chrome before 54.0.2840.59 for Windows, Mac, and Linux allow a remote malicious user to spoof various parts of browser UI via crafted HTML pages.
Vulnerable Product |
---|
google chrome |
None critical, some embarrassing, all worth the auto-upgrade
Google has patched 21 bugs in its Chrome web browser, closing six high-severity holes along the way. Mountain View paid US$29,133 for the bugs, including a top payout of US$7500 (CVE-2016-5181) for a universal cross-site scripting hole in Blink, and US$5500 (CVE-2016-5182) for a heap overflow in the same web browser engine. Four vulnerabilities affecting the Blink engine were patched, including a cross-origin bypass and a use-after-free, but Google did not reveal further details. Two use-after-...