vulnerability
FreeBSD: chromium -- multiple vulnerabilities (Multiple CVEs)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Feb 8, 2016 | Feb 12, 2016 | Jul 28, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Feb 8, 2016
Added
Feb 12, 2016
Modified
Jul 28, 2025
Description
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
Solution
freebsd-upgrade-package-chromium
References
- CVE-2016-1622
- https://attackerkb.com/topics/CVE-2016-1622
- CVE-2016-1623
- https://attackerkb.com/topics/CVE-2016-1623
- CVE-2016-1625
- https://attackerkb.com/topics/CVE-2016-1625
- CVE-2016-1626
- https://attackerkb.com/topics/CVE-2016-1626
- CVE-2016-1627
- https://attackerkb.com/topics/CVE-2016-1627
- DEBIAN-DSA-3486
- URL-http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.