Main Vulnerability Database SB2016100318

SB2016100318 - Fedora 25 update for chromium

Published: October 3, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016100318

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Arbitrary code execution (CVE-ID: CVE-2016-5177)

The vulnerability allows a remote user to cause arbitrary code execution on the target user's system.
The weakness exists due to use-after-free memory error in the V8 engine. By sending a specially crafted content and tricking the victim to upload it attackers can trigger the arbitrary code to be executed.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

2) Arbitrary code execution (CVE-ID: CVE-2016-5178)

The vulnerability allows a remote user to cause arbitrary code execution on the target user's system.
The weakness exists due to insufficient input validation. By sending a specially crafted content and tricking the victim to upload it attackers can trigger the arbitrary code to be executed.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2016-a90040934d