漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
Multiple vulnerabilities were discovered in Chromium.
Multiple vulnerabilities were discovered in V8.
An integer overflow was discovered in ANGLE.
漏洞危害
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, read uninitialized memory, obtain sensitive information, spoof the webview URL, bypass same origin restrictions, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5204, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212, CVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9652)
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5213, CVE-2016-5219, CVE-2016-9651)
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5221)
解决方案
Refer to Ubuntu advisory USN-3153-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3153-1: 14.04 (Kylin) on src (liboxideqtcore0)
0day
文章评论