PublicDateAtUSN: 2016-09-02
Candidate: CVE-2016-5150
PublicDate: 2016-09-11 10:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5150
 http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
 https://ubuntu.com/security/notices/USN-3058-1
Description:
 WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used
 in Google Chrome before 53.0.2785.89 on Windows and OS X and before
 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API
 implementation that does not properly restrict key-path evaluation, which
 allows remote attackers to cause a denial of service (use-after-free) or
 possibly have unspecified other impact via crafted JavaScript code that
 leverages certain side effects.
Ubuntu-Description:
Notes:
Bugs:
 https://crbug.com/637963
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_chromium-browser:
upstream_chromium-browser: released (53.0.2785.92)
precise_chromium-browser: ignored
trusty_chromium-browser: released (53.0.2785.143-0ubuntu0.14.04.1.1142)
trusty/esm_chromium-browser: DNE (trusty was released [53.0.2785.143-0ubuntu0.14.04.1.1142])
vivid/ubuntu-core_chromium-browser: DNE
vivid/stable-phone-overlay_chromium-browser: DNE
xenial_chromium-browser: released (53.0.2785.143-0ubuntu0.16.04.1.1254)
yakkety_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)
devel_chromium-browser: released (53.0.2785.143-0ubuntu1.1307)

Patches_oxide-qt:
upstream_oxide-qt: released (1.17.6)
precise_oxide-qt: DNE
trusty_oxide-qt: released (1.17.7-0ubuntu0.14.04.1)
trusty/esm_oxide-qt: DNE (trusty was released [1.17.7-0ubuntu0.14.04.1])
vivid/ubuntu-core_oxide-qt: DNE
vivid/stable-phone-overlay_oxide-qt: released (1.17.9-0ubuntu0.15.04.1~overlay2)
xenial_oxide-qt: released (1.17.7-0ubuntu0.16.04.1)
esm-infra/xenial_oxide-qt: released (1.17.7-0ubuntu0.16.04.1)
yakkety_oxide-qt: released (1.17.7-0ubuntu1)
devel_oxide-qt: released (1.17.7-0ubuntu1)