SB2016100503 - Red Hat update for chromium-browser

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016100503

SB2016100503 - Red Hat update for chromium-browser

Published: October 5, 2016

Security Bulletin ID SB2016100503
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Arbitrary code execution (CVE-ID: CVE-2016-5177)

The vulnerability allows a remote user to cause arbitrary code execution on the target user's system.
The weakness exists due to use-after-free memory error in the V8 engine. By sending a specially crafted content and tricking the victim to upload it attackers can trigger the arbitrary code to be executed.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

2) Arbitrary code execution (CVE-ID: CVE-2016-5178)

The vulnerability allows a remote user to cause arbitrary code execution on the target user's system.
The weakness exists due to insufficient input validation. By sending a specially crafted content and tricking the victim to upload it attackers can trigger the arbitrary code to be executed.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

References