[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2016-0127":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":72,"duplicates":73,"related":74,"reserved_at":9,"published_at":104,"modified_at":105,"state":9,"summary":106,"references_raw":108,"kevs":145,"epss":9,"epss_history":146,"metrics":147,"affected":148},"MGASA-2016-0127","Updated chromium-browser-stable packages fix security vulnerability\n\nChromium-browser-stable 49.0.2623.108 fixes security issues:\n\nMultiple security issues were found in upstream chromium 49.0.2623.87: an\nout-of-bounds read problem in V8 (CVE-2016-1646), use-after-free bugs in\nNavigation (CVE-2016-1647) and Extensions (CVE-2016-1648); a buffer\noverflow in libANGLE (CVE-2016-1649), various security issues found in\ninternal audits, fuzzing, and other initiatives (CVE-2016-1650);  multiple\nvulnerabilities in V8 were fixed in 4.9.385.33.\n\nThe ImageInputType::ensurePrimaryContent function in\nWebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in\nGoogle Chrome before 49.0.2623.87, does not properly maintain the user\nagent shadow DOM, which allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via vectors that\nleverage \"type confusion.\" (CVE-2016-1643)\n\nWebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google\nChrome before 49.0.2623.87, does not properly restrict relayout\nscheduling, which allows remote attackers to cause a denial of service\n(use-after-free) or possibly have unspecified other impact via a crafted\nHTML document. (CVE-2016-1644)\n\nMultiple integer signedness errors in the opj_j2k_update_image_data\nfunction in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before\n49.0.2623.87, allow remote attackers to cause a denial of service\n(incorrect cast and out-of-bounds write) or possibly have unspecified\nother impact via crafted JPEG 2000 data. (CVE-2016-1645)\n\nThe ContainerNode::parserRemoveChild function in\nWebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google\nChrome before 49.0.2623.75, mishandles widget updates, which makes it\neasier for remote attackers to bypass the Same Origin Policy via a\ncrafted web site. (CVE-2016-1630)\n\nThe PPB_Flash_MessageLoop_Impl::InternalRun function in\ncontent/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper\nplugin in Google Chrome before 49.0.2623.75 mishandles nested message\nloops, which allows remote attackers to bypass the Same Origin Policy via\na crafted web site. (CVE-2016-1631)\n\nThe Extensions subsystem in Google Chrome before 49.0.2623.75 does not\nproperly maintain own properties, which allows remote attackers to bypass\nintended access restrictions via crafted JavaScript code that triggers an\nincorrect cast, related to extensions/renderer/v8_helpers.h and\ngin/converter.h. (CVE-2016-1632)\n\nUse-after-free vulnerability in Blink, as used in Google Chrome before\n49.0.2623.75, allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via unknown vectors.\n(CVE-2016-1633)\n\nUse-after-free vulnerability in the StyleResolver::appendCSSStyleSheet\nfunction in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as\nused in Google Chrome before 49.0.2623.75, allows remote attackers to\ncause a denial of service or possibly have unspecified other impact via a\ncrafted web site that triggers Cascading Style Sheets (CSS) style\ninvalidation during a certain subtree-removal action. (2016-1634)\n\nextensions/renderer/render_frame_observer_natives.cc in Google Chrome\nbefore 49.0.2623.75 does not properly consider object lifetimes and\nre-entrancy issues during OnDocumentElementCreated handling, which allows\nremote attackers to cause a denial of service (use-after-free) or possibly\nhave unspecified other impact via unknown vectors. (CVE-2016-1635)\n\nThe PendingScript::notifyFinished function in\nWebKit/Source/core/dom/PendingScript.cpp in Google Chrome before\n49.0.2623.75 relies on memory-cache information about integrity-check\noccurrences instead of integrity-check successes, which allows remote\nattackers to bypass the Subresource Integrity (aka SRI) protection\nmechanism by triggering two loads of the same resource. (CVE-2016-1636)\n\nThe SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia,\nas used in Google Chrome before 49.0.2623.75, mishandles arctangent\ncalculations, which allows remote attackers to obtain sensitive\ninformation via a crafted web site. (CVE-2016-1637)\n\nextensions/renderer/resources/platform_app.js in the Extensions subsystem\nin Google Chrome before 49.0.2623.75 does not properly restrict use of Web\nAPIs, which allows remote attackers to bypass intended access restrictions\nvia a crafted platform app. (CVE-2016-1638)\n\nUse-after-free vulnerability in\nbrowser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in\nthe WebRTC Audio Private API implementation in Google Chrome before\n49.0.2623.75 allows remote attackers to cause a denial of service or\npossibly have unspecified other impact by leveraging incorrect reliance on\nthe resource context pointer. (CVE-2016-1639)\n\nThe Web Store inline-installer implementation in the Extensions UI in\nGoogle Chrome before 49.0.2623.75 does not block installations upon\ndeletion of an installation frame, which makes it easier for remote\nattackers to trick a user into believing that an installation request\noriginated from the user's next navigation target via a crafted web site.\n(CVE-2016-1640)\n\nUse-after-free vulnerability in\ncontent/browser/web_contents/web_contents_impl.cc in Google Chrome before\n49.0.2623.75 allows remote attackers to cause a denial of service or\npossibly have unspecified other impact by triggering an image download\nafter a certain data structure is deleted, as demonstrated by a\nfavicon.ico download. (CVE-2016-1641)\n\nMultiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75\nallow attackers to cause a denial of service or possibly have other impact\nvia unknown vectors. (CVE-2016-1642)\n\nGoogle Chrome before 48.0.2564.116 allows remote attackers to bypass the\nBlink Same Origin Policy and a sandbox protection mechanism via\nunspecified vectors. (CVE-2016-1629)\n\nThe Extensions subsystem in Google Chrome before 48.0.2564.109 does not\nprevent use of the Object.defineProperty method to override intended\nextension behavior, which allows remote attackers to bypass the Same\nOrigin Policy via crafted JavaScript code. (CVE-2016-1622)\n\nThe DOM implementation in Google Chrome before 48.0.2564.109 does not\nproperly restrict frame-attach operations from occurring during or after\nframe-detach operations, which allows remote attackers to bypass the Same\nOrigin Policy via a crafted web site, related to FrameLoader.cpp,\nHTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.\n(CVE-2016-1623)\n\nInteger underflow in the ProcessCommandsInternal function in dec/decode.c\nin Brotli, as used in Google Chrome before 48.0.2564.109, allows remote\nattackers to cause a denial of service (buffer overflow) or possibly have\nunspecified other impact via crafted data with brotli compression.\n(CVE-2016-1624)\n\nThe Chrome Instant feature in Google Chrome before 48.0.2564.109 does not\nensure that a New Tab Page (NTP) navigation target is on the most-visited\nor suggestions list, which allows remote attackers to bypass intended\nrestrictions via unspecified vectors, related to instant_service.cc and\nsearch_tab_helper.cc. (CVE-2016-1625)\n\nThe opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in\nPDFium in Google Chrome before 48.0.2564.109, miscalculates a certain\nlayer index value, which allows remote attackers to cause a denial of\nservice (out-of-bounds read) via a crafted PDF document. (CVE-2016-1626)\n\npi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109,\ndoes not validate a certain precision value, which allows remote attackers\nto execute arbitrary code or cause a denial of service (out-of-bounds\nread) via a crafted JPEG 2000 image in a PDF document, related to the\nopj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.\n(CVE-2016-1628)\n\nThe Developer Tools (aka DevTools) subsystem in Google Chrome before\n48.0.2564.109 does not validate URL schemes and ensure that the remoteBase\nparameter is associated with a chrome-devtools-frontend.appspot.com URL,\nwhich allows remote attackers to bypass intended access restrictions via a\ncrafted URL, related to browser/devtools/devtools_ui_bindings.cc and\nWebKit/Source/devtools/front_end/Runtime.js. (CVE-2016-1627)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70],{"_key":15},"CVE-2016-1622",{"_key":17},"CVE-2016-1623",{"_key":19},"CVE-2016-1624",{"_key":21},"CVE-2016-1625",{"_key":23},"CVE-2016-1626",{"_key":25},"CVE-2016-1627",{"_key":27},"CVE-2016-1628",{"_key":29},"CVE-2016-1629",{"_key":31},"CVE-2016-1630",{"_key":33},"CVE-2016-1631",{"_key":35},"CVE-2016-1632",{"_key":37},"CVE-2016-1633",{"_key":39},"CVE-2016-1634",{"_key":41},"CVE-2016-1635",{"_key":43},"CVE-2016-1636",{"_key":45},"CVE-2016-1637",{"_key":47},"CVE-2016-1638",{"_key":49},"CVE-2016-1639",{"_key":51},"CVE-2016-1640",{"_key":53},"CVE-2016-1641",{"_key":55},"CVE-2016-1642",{"_key":57},"CVE-2016-1643",{"_key":59},"CVE-2016-1644",{"_key":61},"CVE-2016-1645",{"_key":63},"CVE-2016-1646",{"_key":65},"CVE-2016-1647",{"_key":67},"CVE-2016-1648",{"_key":69},"CVE-2016-1649",{"_key":71},"CVE-2016-1650",[],[],[75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},"2016-03-31T20:22:34Z","2026-04-16T06:24:13.696677100Z",{"cisa_kev":107,"cisa_ransomware":107,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[109,115,120,125,129,133,137,141],{"url":110,"sources":111,"tags":113},"https://advisories.mageia.org/MGASA-2016-0127.html",[112],"osv_mageia",[114],"Advisory",{"url":116,"sources":117,"tags":118},"https://bugs.mageia.org/show_bug.cgi?id=17729",[112],[119],"REPORT",{"url":121,"sources":122,"tags":123},"http://googlechromereleases.blogspot.com/2016/02/stable-channel-update.html",[112],[119,124],"WEB",{"url":126,"sources":127,"tags":128},"http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html",[112],[119,124],{"url":130,"sources":131,"tags":132},"http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_18.html",[112],[119,124],{"url":134,"sources":135,"tags":136},"http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html",[112],[119,124],{"url":138,"sources":139,"tags":140},"http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_8.html",[112],[119,124],{"url":142,"sources":143,"tags":144},"http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html",[112],[119,124],[],[],[],[149],{"ecosystem":150,"name":151,"vendor":152,"product":151,"cpe_part":9,"purl_type":153,"purl_namespace":152,"purl_name":151,"source":9,"versions":154},"Mageia","chromium-browser-stable","mageia","rpm",[155],{"version":156,"is_range":157,"range_type":158,"version_start":9,"version_start_type":9,"version_end":159,"version_end_type":160,"fixed_in":9},"lt49_0_2623_108_1_1_mga5",true,"ecosystem","49.0.2623.108-1.1.mga5","excluding"]