Redhat » Enterprise Linux Server Supplementary : Security Vulnerabilities, CVEs, Published In 2016 (Memory corruption)
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
Max CVSS: 8.8 | EPSS Score: 0.80% | Published: 2016-05-14 | Updated: 2018-10-30
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Max CVSS: 10.0 | EPSS Score: 2.12% | Published: 2016-05-14 | Updated: 2018-10-30
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
Max CVSS: 8.3 | EPSS Score: 0.42% | Published: 2016-05-14 | Updated: 2018-10-30
3 vulnerabilities found