Vulnerability category: Local
Vulnerability severity:
Vulnerability information
Google Chrome is a web browser for multiple platforms developed by Google.
This Google Chrome update fixes the following vulnerabilities:
CVE-2016-5147: Universal XSS in Blink.
CVE-2016-5148: Universal XSS in Blink.
CVE-2016-5149: Script injection in extensions.
CVE-2016-5150: Use after free in Blink.
CVE-2016-5151: Use after free in PDFium.
CVE-2016-5152: Heap overflow in PDFium.
CVE-2016-5153: Use after destruction in Blink.
CVE-2016-5154: Heap overflow in PDFium.
CVE-2016-5155: Address bar spoofing.
CVE-2016-5156: Use after free in event bindings.
CVE-2016-5157: Heap overflow in PDFium.
CVE-2016-5158: Heap overflow in PDFium.
CVE-2016-5159: Heap overflow in PDFium.
CVE-2016-5161: Type confusion in Blink.
CVE-2016-5162: Extensions web accessible resources bypass.
CVE-2016-5163: Address bar spoofing.
CVE-2016-5164: Universal XSS using DevTools.
CVE-2016-5165: Script injection in DevTools.
CVE-2016-5166: SMB Relay Attack via Save Page As.
CVE-2016-5160: Extensions web accessible resources bypass.
CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives.
Affected Versions:
Google Chrome versions prior to 53.0.2785.89 are affected.
Vulnerability impact
Successful exploitation of these vulnerabilities could allow a remote attacker to bypass certain security restrictions, obtain sensitive information, execute arbitrary code or cause a denial of service condition on the system.
Solution
Customers are advised to upgrade to Google Chrome 53.0.2785.89 or a later version.
Patch:
Following are links for downloading patches to fix the vulnerabilities: