Phil Oester

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 54.0.2840.85 for Android **Description** The issue is related to insufficient validation of intent URLs in the content view client, allowing a remote attacker who has compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. This could also enable a remote attacker to bypass certificate validation using a specially crafted HTML page. **Recommendations** For Google Chrome versions prior to 54.0.2840.85 for Android, update to version 54.0.2840.85 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Open-Xchange OX App Suite versions prior to 7.8.1-rev14 **Description** An issue in Open-Xchange OX App Suite allows for script code execution in the context of the active user when adding images from external sources to HTML editors by drag&drop. This can be exploited by tricking a user into using an image from a specially crafted website and adding it to HTML editor areas, such as E-Mail Compose or OX Text. The attack circumvents typical XSS filters and detection mechanisms since the code is injected locally. Malicious script code can be executed within a user's context, leading to session hijacking or triggering unwanted actions via the web interface, such as sending mail or deleting data. This vulnerability requires social-engineering to convince a user to follow specific steps. **Recommendations** For versions prior to 7.8.1-rev14, update to version 7.8.1-rev14 or later to resolve the issue. As a temporary workaround, consider restricting the use of external images in HTML editors to minimize the risk of exploitation. Avoid using the drag&drop feature to add images from external sources to HTML editor areas until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 54.0.2840.90 for Linux Google Chrome versions prior to 54.0.2840.85 for Android Google Chrome versions prior to 54.0.2840.87 for Windows and Mac **Description** The issue is related to incorrect optimization assumptions in the V8 component of Google Chrome, which can be exploited by a remote attacker to perform arbitrary read/write operations, leading to code execution. This can be achieved via a crafted HTML page. **Recommendations** For Google Chrome versions prior to 54.0.2840.90 for Linux, update to version 54.0.2840.90 or later. For Google Chrome versions prior to 54.0.2840.85 for Android, update to version 54.0.2840.85 or later. For Google Chrome versions prior to 54.0.2840.87 for Windows and Mac, update to version 54.0.2840.87 or later. As a temporary workaround, consider avoiding the use of specially crafted HTML pages until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.x through 4.8.2 **Description** A race condition in the `mm/gup.c` component of the Linux kernel allows local users to gain elevated privileges. This occurs due to the incorrect handling of the copy-on-write (COW) feature—a mechanism that allows multiple processes to share the same data in memory until one process attempts to modify it—which enables writing to a read-only memory mapping. This issue was exploited in the wild in October 2016 and is also known as Dirty COW. Additionally, the UNC2891 threat group has utilized this flaw to escalate privileges within banking infrastructures. **Recommendations** Update the Linux kernel to version 4.8.3 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 54.0.2840.59 for Windows, Mac, and Linux Google Chrome version prior to 54.0.2840.85 for Android Opera (affected versions not specified) **Description** A heap use after free in PDFium allows a remote attacker to potentially exploit heap corruption via crafted PDF files. **Recommendations** For Google Chrome versions prior to 54.0.2840.59 for Windows, Mac, and Linux, update to version 54.0.2840.59 or later. For Google Chrome version prior to 54.0.2840.85 for Android, update to version 54.0.2840.85 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome OS versions prior to 53.0.2785.103 **Description** A format string issue allows remote attackers to cause a denial of service or possibly have other unspecified impacts via unknown vectors. **Recommendations** For versions prior to 53.0.2785.103, update to version 53.0.2785.103 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 53.0.2785.113 Opera (affected versions not specified) **Description** The issue allows remote attackers to bypass the SafeBrowsing protection mechanism. The estimated number of potentially affected devices and details about real-world incidents are not provided. Technical details about exploitation, such as API endpoints, vulnerable parameters, or function names, are not specified. **Recommendations** For Google Chrome versions prior to 53.0.2785.113, update to version 53.0.2785.113 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 53.0.2785.113 Opera (affected versions not specified) **Description** The issue involves multiple unspecified vulnerabilities that allow attackers to cause a denial of service or possibly have other impact via unknown vectors. **Recommendations** For Google Chrome versions prior to 53.0.2785.113, update to version 53.0.2785.113 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 53.0.2785.89 on Windows and OS X Google Chrome versions prior to 53.0.2785.92 on Linux **Description** The issue allows remote attackers to spoof the address bar via a crafted web site due to improper validation of access to the initial document. **Recommendations** For Google Chrome versions prior to 53.0.2785.89 on Windows and OS X, update to version 53.0.2785.89 or later. For Google Chrome versions prior to 53.0.2785.92 on Linux, update to version 53.0.2785.92 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 53.0.2785.89 on Windows and OS X Google Chrome versions prior to 53.0.2785.92 on Linux Opera (affected versions not specified) **Description** The Indexed Database API implementation in the affected software does not properly restrict key-path evaluation, allowing remote attackers to cause a denial of service or possibly have other unspecified impacts via crafted JavaScript code that leverages certain side effects. **Recommendations** For Google Chrome versions prior to 53.0.2785.89 on Windows and OS X, update to version 53.0.2785.89 or later. For Google Chrome versions prior to 53.0.2785.92 on Linux, update to version 53.0.2785.92 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 53.0.2785.89 on Windows and OS X Google Chrome versions prior to 53.0.2785.92 on Linux Opera (affected versions not specified) **Description** The issue is related to the mishandling of timers in PDFium, which can be exploited by remote attackers using a crafted PDF document. This can lead to a denial of service (use-after-free) or possibly have other unspecified impacts. The problem is associated with the files fpdfsdk/javascript/JS Object.cpp and fpdfsdk/javascript/app.cpp. **Recommendations** For Google Chrome on Windows and OS X prior to version 53.0.2785.89, update to version 53.0.2785.89 or later. For Google Chrome on Linux prior to version 53.0.2785.92, update to version 53.0.2785.92 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG versions prior to 53.0.2785.89 Google Chrome versions prior to 53.0.2785.89 on Windows and OS X Google Chrome versions prior to 53.0.2785.92 on Linux Opera (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow in the `opj dwt interleave v` function in `dwt.c` in OpenJPEG. This function is used in PDFium in Google Chrome and Opera. The overflow can be triggered by remote attackers via crafted coordinate values in JPEG 2000 data, allowing them to execute arbitrary code. **Recommendations** For Google Chrome on Windows and OS X, update to version 53.0.2785.89 or later. For Google Chrome on Linux, update to version 53.0.2785.92 or later. For OpenJPEG, consider disabling the `opj dwt interleave v` function in `dwt.c` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Opera.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 53.0.2785.89 on Windows and OS X Google Chrome versions prior to 53.0.2785.92 on Linux **Description** The issue is related to the EditingStyle::mergeStyle function in WebKit, which mishandles custom properties. This can be exploited by remote attackers via a crafted web site, leveraging `type confusion` in the StylePropertySerializer class, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For Google Chrome versions prior to 53.0.2785.89 on Windows and OS X, update to version 53.0.2785.89 or later. For Google Chrome versions prior to 53.0.2785.92 on Linux, update to version 53.0.2785.92 or later. As a temporary workaround, consider restricting access to the StylePropertySerializer class until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 52.0.2743.85 **Description** The issue is related to an integer overflow in the `kbasep vinstr attach client` function, which can be exploited by remote attackers to cause a denial of service. This is achieved through a heap-based buffer overflow and use-after-free by leveraging an unrestricted multiplication. **Recommendations** For versions prior to 52.0.2743.85, update to version 52.0.2743.85 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opera Mail versions prior to 2016-02-16 **Description** The issue allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. **Recommendations** For Opera Mail versions prior to 2016-02-16, update to a version released after 2016-02-16 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 50.0.2661.94 Opera (affected versions not specified) **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. This is related to the Skia component used in the affected browsers. **Recommendations** For Google Chrome versions prior to 50.0.2661.94, update to version 50.0.2661.94 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Squid versions 3.0.0 through 3.1.7 Squid versions 3.2.0 through 3.2.0.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted request. This is due to a problem in the string-comparison functions. **Recommendations** For Squid versions 3.0.0 through 3.1.7, update to version 3.1.8 or later. For Squid versions 3.2.0 through 3.2.0.1, update to version 3.2.0.2 or later.