漏洞类别:Local
漏洞等级: 
漏洞信息
Google Chrome is a web browser for multiple platforms developed by Google.
This Google Chrome update fixes the following vulnerabilities:
CVE-2016-5208 Universal XSS in Blink.
CVE-2016-5207 Universal XSS in Blink.
CVE-2016-5206 Same-origin bypass in PDFium.
CVE-2016-5205 Universal XSS in Blink.
CVE-2016-5204 Universal XSS in Blink.
CVE-2016-5209 Out of bounds write in Blink.
CVE-2016-5203 Use after free in PDFium.
CVE-2016-5210 Out of bounds write in PDFium.
CVE-2016-5212 Local file disclosure in DevTools.
CVE-2016-5211 Use after free in PDFium.
CVE-2016-5213 Use after free in V8.
CVE-2016-5214 File download protection bypass.
CVE-2016-5216 Use after free in PDFium.
CVE-2016-5215 Use after free in Webaudio.
CVE-2016-5217 Use of unvalidated data in PDFium.
CVE-2016-5218 Address spoofing in Omnibox.
CVE-2016-5219 Use after free in V8.
CVE-2016-5221 Integer overf
CVE-2016-5220 Local file access in PDFium.
CVE-2016-5222 Address spoofing in Omnibox.
CVE-2016-9650 CSP Referrer disclosure.
CVE-2016-5223 Integer overf
CVE-2016-5225 CSP bypass in Blink.
CVE-2016-5224 Same-origin bypass in SVG.
CVE-2016-5226 Limited XSS in Blink.
Affected Versions:
Google Chrome versions prior to 55.0.2883.75 are affected.
漏洞危害
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can obtain potentially sensitive information on the target system.
解决方案
Customers are advised to upgrade to Google Chrome 55.0.2883.75 or a later version.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论