Launchpad CVE tracker

CVE 2016-1632

The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h.

Related bugs and status

CVE-2016-1632 (Candidate) is related to these bugs:

Bug #1553438: Chromium in Ubuntu still to version 48.0.2564.116 not update to version 49.0.2623.75 as Debian Chromium packages.

Summary				In	Importance	Status
	1553438	Chromium in Ubuntu still to version 48.0.2564.116 not update to version 49.0.2623.75 as Debian Chromium packages.		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
CONFIRM: https://codereview.chr...
BID: 84008
DEBIAN: DSA-3507
GENTOO: GLSA-201603-09
SUSE: SUSE-SU-2016:0665
SUSE: openSUSE-SU-2016:0664
SUSE: openSUSE-SU-2016:0684
SUSE: openSUSE-SU-2016:0729
SECTRACK: 1035185

Launchpad.net

CVE 2016-1632

Related bugs and status

Related bugs

References