CVE-2016-1631 in Ubuntu

CVE-2016-1631

Priority

Description

The PPB_Flash_MessageLoop_Impl::InternalRun function in
content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin
in Google Chrome before 49.0.2623.75 mishandles nested message loops, which
allows remote attackers to bypass the Same Origin Policy via a crafted web
site.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1631
http://googlechromereleases.blogspot.ca/2016/03/stable-channel-update.html
https://usn.ubuntu.com/usn/usn-2920-1

Notes

Package

Source: chromium-browser (LP Ubuntu Debian)

Upstream:	released (49.0.2623.75)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was released [49.0.2623.87-0ubuntu0.14.04.1.1112])
Ubuntu 16.04 LTS (Xenial Xerus):	released (49.0.2623.87-0ubuntu1.1232)

Package

Source: oxide-qt (LP Ubuntu Debian)

Upstream:	released (1.13.6)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was released [1.13.6-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):	released (1.13.6-0ubuntu1)

More Information

Updated: 2019-12-05 18:44:08 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)