CVE-2016-1677: Infoleak
First published: Thu May 26 2016(Updated: )
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/Chrome | <51.0.2704.63 | 51.0.2704.63 |
| Google Chrome (Trace Event) | <=50.0.2661.102 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.10 | |
| Ubuntu | =16.04 | |
| Debian | =8.0 | |
| SUSE Linux | =42.1 | |
| SUSE Linux | =13.2 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| SUSE Linux Enterprise Server | =12.0 | |
| Google V8 | <=5.1.281 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://code.google.com/p/chromium/issues/detail?id=602970
- http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
- https://access.redhat.com/errata/RHSA-2016:1190
- https://bugzilla.redhat.com/show_bug.cgi?id=1340010
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
- http://www.debian.org/security/2016/dsa-3590
- http://www.securityfocus.com/bid/90876
- http://www.securitytracker.com/id/1035981
- http://www.ubuntu.com/usn/USN-2992-1
- https://codereview.chromium.org/1936083002
- https://crbug.com/602970
- https://security.gentoo.org/glsa/201607-07
Frequently Asked Questions
What is the severity of CVE-2016-1677?
CVE-2016-1677 has been assigned a moderate severity level due to its potential to expose sensitive information.
How do I fix CVE-2016-1677?
To fix CVE-2016-1677, update affected software to Google Chrome version 51.0.2704.63 or later.
Which versions of Google Chrome are affected by CVE-2016-1677?
CVE-2016-1677 affects Google Chrome versions prior to 51.0.2704.63.
What systems are impacted by CVE-2016-1677?
CVE-2016-1677 impacts various operating systems including Ubuntu, Debian, openSUSE, and Red Hat Enterprise Linux.
What kind of exploit does CVE-2016-1677 involve?
CVE-2016-1677 involves a type confusion vulnerability in the uri.js component of Google V8 affecting the decodeURI function.
- agent/references
- agent/first-publish-date
- agent/type
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-1677
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/google
- canonical/google chrome (trace event)
- version/google chrome (trace event)/50.0.2661.102
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/15.10
- version/ubuntu/16.04
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.1
- version/suse linux/13.2
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/12.0
- canonical/google v8
- version/google v8/5.1.281