{"id":"MGASA-2016-0143","summary":"Updated chromium-browser-stable packages fix security vulnerabilities","details":"Chromium-browser-stable 50.0.2661.75 fixes security issues:\n\nCross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner \nfunction in extensions/renderer/module_system.cc in the Extensions subsystem in \nGoogle Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary \nweb script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\" \n(CVE-2016-1652)\n\nThe LoadBuffer implementation in Google V8, as used in Google Chrome before \n50.0.2661.75, mishandles data types, which allows remote attackers to cause a \ndenial of service or possibly have unspecified other impact via crafted \nJavaScript code that triggers an out-of-bounds write operation, related to \ncompiler/pipeline.cc and compiler/simplified-lowering.cc. (CVE-2016-1653)\n\nfxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before \n50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb \nfunctions, which allows remote attackers to obtain sensitive information from \nprocess memory or cause a denial of service (out-of-bounds read) via crafted \nJPEG 2000 data in a PDF document. (CVE-2016-1651)\n\nThe media subsystem in Google Chrome before 50.0.2661.75 does not initialize an \nunspecified data structure, which allows remote attackers to cause a denial of \nservice (invalid read operation) via unknown vectors. (CVE-2016-1654)\n\nGoogle Chrome before 50.0.2661.75 does not properly consider that frame removal \nmay occur during callback execution, which allows remote attackers to cause a \ndenial of service (use-after-free) or possibly have unspecified other impact via \na crafted extension. (CVE-2016-1655)\n\nThe WebContentsImpl::FocusLocationBarByDefault function in \ncontent/browser/web_contents/web_contents_impl.cc in Google Chrome before \n50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote \nattackers to spoof the address bar via a crafted URL. (CVE-2016-1657)\n\nThe Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies \non GetOrigin method calls for origin comparisons, which allows remote attackers \nto bypass the Same Origin Policy and obtain sensitive information via a crafted \nextension. (CVE-2016-1658)\n\nMultiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow \nattackers to cause a denial of service or possibly have other impact via unknown \nvectors. (CVE-2016-1659)\n","modified":"2026-04-16T06:26:11.983043314Z","published":"2016-04-21T14:52:25Z","upstream":["CVE-2016-1651","CVE-2016-1652","CVE-2016-1653","CVE-2016-1654","CVE-2016-1655","CVE-2016-1657","CVE-2016-1658","CVE-2016-1659"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0143.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18205"},{"type":"WEB","url":"http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"50.0.2661.75-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0143.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}