Rapid7 Vulnerability & Exploit Database

Ubuntu: USN-3153-1 (CVE-2016-9652): Oxide vulnerabilities

Back to Search

Ubuntu: USN-3153-1 (CVE-2016-9652): Oxide vulnerabilities

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
12/01/2016
Created
07/25/2018
Added
12/09/2016
Modified
11/25/2019

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3153-1:

Multiple vulnerabilities were discovered in Chromium. If a user were

tricked in to opening a specially crafted website, an attacker could

potentially exploit these to conduct cross-site scripting (XSS) attacks,

read uninitialized memory, obtain sensitive information, spoof the

webview URL, bypass same origin restrictions, cause a denial of service

via application crash, or execute arbitrary code. (CVE-2016-5204,

CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5212,

CVE-2016-5215, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226,

CVE-2016-9650, CVE-2016-9652)

Multiple vulnerabilities were discovered in V8. If a user were tricked in

to opening a specially crafted website, an attacker could potentially

exploit these to obtain sensitive information, cause a denial of service

via application crash, or execute arbitrary code. (CVE-2016-5213,

CVE-2016-5219, CVE-2016-9651)

An integer overflow was discovered in ANGLE. If a user were tricked in to

opening a specially crafted website, an attacker could potentially exploit

this to cause a denial of service via application crash, or execute

arbitrary code. (CVE-2016-5221)

Solution(s)

  • ubuntu-upgrade-liboxideqtcore0

References

  • ubuntu-upgrade-liboxideqtcore0

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;