CVE-2016-1648

Published: 29 March 2016

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
Upstream
Released (49.0.2623.108)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (49.0.2623.108-0ubuntu1.1233)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [49.0.2623.108-0ubuntu0.14.04.1.1113])
oxide-qt
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)