CVE-2016-1677
Summary
| CVE | CVE-2016-1677 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-06-05 23:59:00 UTC |
| Updated | 2023-11-07 02:30:00 UTC |
| Description | uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Google | Chrome | All | All | All | All |
| Application | Google | V8 | All | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Suse | Linux Enterprise | 12.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Chromium: Multiple vulnerabilities (GLSA 201607-07) — Gentoo security | | security.gentoo.org | |
| Chrome Releases: Stable Channel Update | | googlechromereleases.blogspot.com | |
| Issue 602970 - chromium - An open-source project to help move the web forward. - Monorail | CONFIRM | crbug.com | Permissions Required |
| [security-announce] openSUSE-SU-2016:1496-1: important: Security update | | lists.opensuse.org | |
| Google Chrome Multiple Flaws Lets Remote Users Bypass Same-Origin Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [security-announce] openSUSE-SU-2016:1433-1: important: Security update | | lists.opensuse.org | |
| Google Chrome Prior to 51.0.2704.63 Multiple Security Vulnerabilities | | www.securityfocus.com | |
| Debian -- Security Information -- DSA-3590-1 chromium-browser | | www.debian.org | |
| Issue 1936083002: Version 5.1.281.26 (cherry-pick) - Code Review | CONFIRM | codereview.chromium.org | Issue Tracking |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:1430-1: important: Security update | | lists.opensuse.org | |
| USN-2992-1: Oxide vulnerabilities \| Ubuntu | | www.ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.