AVG-109 log

Package qt5-webengine
Status Fixed
Severity Critical
Type multiple issues
Affected 5.7.0-7
Fixed 5.7.1-1
Current 5.15.18-5 [extra]
Ticket None
Created Sat Dec 17 14:20:01 2016
Issue Severity Remote Type Description
CVE-2016-5198 High Yes Arbitrary code execution
An out of bounds memory access flaw was found in the V8 component of the Chromium browser.
CVE-2016-5192 Medium Yes Same-origin policy bypass
A cross-origin bypass flaw was found in the Blink component of the Chromium browser.
CVE-2016-5188 Medium Yes Content spoofing
An UI spoofing flaw was found in the Chromium browser.
CVE-2016-5187 High Yes Content spoofing
An URL spoofing flaw was found in the Chromium browser.
CVE-2016-5186 Medium Yes Information disclosure
An out of bounds read flaw was found in the DevTools component of the Chromium browser.
CVE-2016-5185 High Yes Arbitrary code execution
An use after free flaw was found in the Blink component of the Chromium browser.
CVE-2016-5181 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5172 Medium Yes Information disclosure
The parser in Google V8 mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
CVE-2016-5171 Critical Yes Arbitrary code execution
WebKit/Source/bindings/templates/interface.cpp in Blink does not prevent certain constructor calls, which allows remote attackers to cause a denial of...
CVE-2016-5170 Critical Yes Arbitrary code execution
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink does not properly consider getter side effects during array key conversion, which allows...
CVE-2016-5166 Medium Yes Information disclosure
The download implementation in Chromium does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for...
CVE-2016-5161 Medium Yes Information disclosure
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink mishandles custom properties, which allows remote attackers to...
CVE-2016-5155 High Yes Content spoofing
Chromium does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
CVE-2016-5153 Critical Yes Arbitrary code execution
The Web Animations implementation in Blink improperly relies on list iteration, which allows remote attackers to cause a denial of service...
CVE-2016-5147 High Yes Cross-site scripting
Blink, as used in Google Chrome, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web...
CVE-2016-5133 Medium Yes Content spoofing
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a...
Date Advisory Package Type
17 Dec 2016 ASA-201612-18 qt5-webengine multiple issues
References
https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.7.1?h=5.7