PT-2016-1612 · Google+4 · Google Chrome+4

Publicado

2016-03-24

·

Atualizado

2024-06-15

·

CVE-2016-1648

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 49.0.2623.108 Opera versions prior to 49.0.2623.108
Description The issue is related to a use-after-free vulnerability in the GetLoadTimes function in the Extensions implementation. This vulnerability can be exploited by remote attackers using specially crafted JavaScript code, potentially causing a denial of service or other unspecified impact.
Recommendations For Google Chrome versions prior to 49.0.2623.108, update to version 49.0.2623.108 or later. For Opera versions prior to 49.0.2623.108, update to version 49.0.2623.108 or later. As a temporary workaround, consider disabling the GetLoadTimes function in the Extensions implementation until a patch is available.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2016-1283
BDU:2016-00913
CVE-2016-1648
DSA-3531-1
MGASA-2016-0127
OPENSUSE-SU-2016_0929-1
OPENSUSE-SU-2016_1059-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
RHSA-2016:0525
RHSA-2016_0525

Produtos afetados

Alt Linux
Google Chrome
Opera
Red Hat
Suse