Ubuntu: USN-3153-1 (CVE-2016-9652): Oxide vulnerabilities

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3153-1:

Multiple vulnerabilities were discovered in Chromium. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to conduct cross-site scripting (XSS) attacks,

read uninitialized memory, obtain sensitive information, spoof the

webview URL, bypass same origin restrictions, cause a denial of service

via application crash, or execute arbitrary code. (CVE-2016-5204,

CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212,

CVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226,

CVE-2016-9650, CVE-2016-9652)

Multiple vulnerabilities were discovered in V8. If a user were tricked in

to opening a specially crafted website, an attacker could potentially

exploit these to obtain sensitive information, cause a denial of service

via application crash, or execute arbitrary code. (CVE-2016-5213,

CVE-2016-5219, CVE-2016-9651)

An integer overflow was discovered in ANGLE. If a user were tricked in to

opening a specially crafted website, an attacker could potentially exploit

this to cause a denial of service via application crash, or execute

arbitrary code. (CVE-2016-5221)