qt5-webengine

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Provides support for web applications using the Chromium browser project
Version 5.12.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-545 5.9.3-1 5.10.0-1 Critical Fixed
AVG-339 5.9.0-2 5.9.1-1 Critical Fixed
AVG-162 5.7.1-1 5.8.0-1 High Fixed
AVG-109 5.7.0-7 5.7.1-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2017-5133 AVG-545 High Yes Arbitrary code execution
An out-of-bounds write has been found in the Skia component of the Chromium browser < 62.0.3202.62.
CVE-2017-5132 AVG-545 Critical Yes Arbitrary code execution
An incorrect stack manipulation security issue has been found in the WebAssembly component of the Chromium browser < 62.0.3202.62.
CVE-2017-5129 AVG-545 Critical Yes Arbitrary code execution
A use-after-free security issue has been found in the WebAudio component of the Chromium browser < 62.0.3202.62.
CVE-2017-5128 AVG-545 Critical Yes Arbitrary code execution
A heap overflow security issue has been found in the WebGL component of the Chromium browser < 62.0.3202.62.
CVE-2017-5127 AVG-545 Critical Yes Arbitrary code execution
A use-after-free security issue has been found in the PDFium component of the Chromium browser < 62.0.3202.62.
CVE-2017-5126 AVG-545 Critical Yes Arbitrary code execution
A use-after-free security issue has been found in the PDFium component of the Chromium browser < 62.0.3202.62.
CVE-2017-5124 AVG-545 High Yes Cross-site scripting
A universal XSS flaw has been found in the MHTML component of the Chromium browser < 62.0.3202.62.
CVE-2017-5089 AVG-339 Medium Yes Content spoofing
A domain spoofing vulnerability has been found in the Omnibox component of the Chromium browser < 59.0.3071.104.
CVE-2017-5088 AVG-339 High Yes Information disclosure
An out-of-bounds read vulnerability has been found in the V8 component of the Chromium browser < 59.0.3071.104.
CVE-2017-5083 AVG-339 Low Yes Content spoofing
A UI spoofing flaw has been found in the Blink component of the Chromium browser.
CVE-2017-5079 AVG-339 Medium Yes Content spoofing
A UI spoofing flaw has been found in the Blink component of the Chromium browser.
CVE-2017-5078 AVG-339 High Yes Arbitrary command execution
A possible command injection flaw has been found in the mailto handling component of the Chromium browser.
CVE-2017-5077 AVG-339 High Yes Arbitrary code execution
A heap buffer overflow flaw was found in the Skia component of the Chromium browser.
CVE-2017-5076 AVG-339 Medium Yes Content spoofing
An address spoofing flaw has been found in the Omnibox component of the Chromium browser.
CVE-2017-5075 AVG-339 Medium Yes Information disclosure
An information leak flaw has been found in the CSP reporting component of the Chromium browser.
CVE-2017-5071 AVG-339 High Yes Information disclosure
An out of bounds read flaw has been found in the V8 component of the Chromium browser.
CVE-2017-5070 AVG-339 Critical Yes Arbitrary code execution
A type confusion flaw has been found in the V8 component of the Chromium browser.
CVE-2017-15394 AVG-545 Low Yes Content spoofing
A URL spoofing flaw has been found in the extensions UI of the Chromium browser < 62.0.3202.62.
CVE-2017-15392 AVG-545 Low Yes Access restriction bypass
An incorrect registry key handling issue has been found in the PlatformIntegration component of the Chromium browser < 62.0.3202.62.
CVE-2017-15390 AVG-545 Medium Yes Content spoofing
A URL spoofing issue has been found in the Omnibox component of the Chromium browser < 62.0.3202.62.
CVE-2017-15388 AVG-545 Medium Yes Information disclosure
An out-of-bounds read has been found in the Skia component of the Chromium browser < 62.0.3202.62.
CVE-2017-15387 AVG-545 Medium Yes Access restriction bypass
A content security bypass has been found in the Chromium browser < 62.0.3202.62.
CVE-2017-15386 AVG-545 Medium Yes Content spoofing
A UI spoofing issue has been found in the Blink component of the Chromium browser < 62.0.3202.62.
CVE-2016-9651 AVG-162 High Yes Access restriction bypass
A private property access flaw was found in the V8 component of the Chromium browser.
CVE-2016-9650 AVG-162 Low Yes Information disclosure
A CSP referrer disclosure vulnerability has been discovered in the Chromium browser.
CVE-2016-5225 AVG-162 Low Yes Access restriction bypass
A CSP bypass flaw was found in the Blink component of the Chromium browser.
CVE-2016-5224 AVG-162 Low Yes Same-origin policy bypass
A same-origin bypass flaw was found in the SVG component of the Chromium browser.
CVE-2016-5223 AVG-162 Low Yes Arbitrary code execution
An integer overflow flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5222 AVG-162 Medium Yes Content spoofing
An address spoofing flaw was found in the Omnibox component of the Chromium browser.
CVE-2016-5221 AVG-162 Medium Yes Arbitrary code execution
An integer overflow flaw was found in the ANGLE component of the Chromium browser.
CVE-2016-5219 AVG-162 Medium Yes Arbitrary code execution
An use after free flaw was found in the V8 component of the Chromium browser.
CVE-2016-5218 AVG-162 Medium Yes Content spoofing
An address spoofing flaw was found in the Omnibox component of the Chromium browser.
CVE-2016-5217 AVG-162 Medium Yes Insufficient validation
An use of unvalidated data flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5216 AVG-162 Medium Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5215 AVG-162 Medium Yes Arbitrary code execution
An use after free flaw was found in the Webaudio component of the Chromium browser.
CVE-2016-5214 AVG-162 Medium Yes Insufficient validation
A file download protection bypass was discovered in the Chromium browser.
CVE-2016-5213 AVG-162 High Yes Arbitrary code execution
An use after free flaw was found in the V8 component of the Chromium browser.
CVE-2016-5212 AVG-162 High No Arbitrary filesystem access
A local file disclosure flaw was found in the DevTools component of the Chromium browser.
CVE-2016-5211 AVG-162 High Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5210 AVG-162 High Yes Arbitrary code execution
An out of bounds write flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5208 AVG-162 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5207 AVG-162 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5206 AVG-162 High Yes Same-origin policy bypass
A same-origin bypass flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5205 AVG-162 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5204 AVG-162 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5203 AVG-162 High Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5201 AVG-162 Medium Yes Information disclosure
An information disclosure flaw was found in the extensions component of the Chromium browser before 54.0.2840.100.
CVE-2016-5199 AVG-162 High Yes Arbitrary code execution
FFMPEG MP4 decoder contains an off-by-one error resulting in an allocation of size 0, followed by corrupting an arbitrary number of pointers out of bounds...
CVE-2016-5198 AVG-109 High Yes Arbitrary code execution
An out of bounds memory access flaw was found in the V8 component of the Chromium browser.
CVE-2016-5192 AVG-109 Medium Yes Same-origin policy bypass
A cross-origin bypass flaw was found in the Blink component of the Chromium browser.
CVE-2016-5189 AVG-162 Medium Yes Content spoofing
An URL spoofing flaw was found in the Chromium browser.
CVE-2016-5188 AVG-109 Medium Yes Content spoofing
An UI spoofing flaw was found in the Chromium browser.
CVE-2016-5187 AVG-109 High Yes Content spoofing
An URL spoofing flaw was found in the Chromium browser.
CVE-2016-5186 AVG-109 Medium Yes Information disclosure
An out of bounds read flaw was found in the DevTools component of the Chromium browser.
CVE-2016-5185 AVG-109 High Yes Arbitrary code execution
An use after free flaw was found in the Blink component of the Chromium browser.
CVE-2016-5183 AVG-162 High Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5182 AVG-162 High Yes Arbitrary code execution
A heap overflow flaw was found in the Blink component of the Chromium browser.
CVE-2016-5181 AVG-109 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5172 AVG-109 Medium Yes Information disclosure
The parser in Google V8 mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
CVE-2016-5171 AVG-109 Critical Yes Arbitrary code execution
WebKit/Source/bindings/templates/interface.cpp in Blink does not prevent certain constructor calls, which allows remote attackers to cause a denial of...
CVE-2016-5170 AVG-109 Critical Yes Arbitrary code execution
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink does not properly consider getter side effects during array key conversion, which allows...
CVE-2016-5166 AVG-109 Medium Yes Information disclosure
The download implementation in Chromium does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for...
CVE-2016-5161 AVG-109 Medium Yes Information disclosure
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink mishandles custom properties, which allows remote attackers to...
CVE-2016-5155 AVG-109 High Yes Content spoofing
Chromium does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
CVE-2016-5153 AVG-109 Critical Yes Arbitrary code execution
The Web Animations implementation in Blink improperly relies on list iteration, which allows remote attackers to cause a denial of service...
CVE-2016-5147 AVG-109 High Yes Cross-site scripting
Blink, as used in Google Chrome, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web...
CVE-2016-5133 AVG-109 Medium Yes Content spoofing
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a...

Advisories

Date Advisory Group Severity Description
13 Dec 2017 ASA-201712-6 AVG-545 Critical multiple issues
04 Jul 2017 ASA-201707-4 AVG-339 Critical multiple issues
02 Feb 2017 ASA-201702-2 AVG-162 High multiple issues
17 Dec 2016 ASA-201612-18 AVG-109 Critical multiple issues