CVE-2016-1624

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 48.0.2564.109 Opera (affected versions not specified) Brotli (affected versions not specified)

Description The issue is caused by an integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli. This can be exploited by remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.

Recommendations For Google Chrome versions prior to 48.0.2564.109, update to version 48.0.2564.109 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the ProcessCommandsInternal function in Brotli until a patch is available. Restrict access to the dec/decode.c module to minimize the risk of exploitation.