CVE-2016-1706

Priority
Description
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not
validate the origin of IPC messages to the plugin broker process that
should have come from the browser process, which allows remote attackers to
bypass a sandbox protection mechanism via an unexpected message type,
related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc,
ppapi_thread.cc, and render_frame_message_filter.cc.
Package
Upstream:released (52.0.2743.82)
Ubuntu 14.04 LTS (Trusty Tahr):released (52.0.2743.116-0ubuntu0.14.04.1.1134)
Ubuntu 16.04 LTS (Xenial Xerus):released (52.0.2743.116-0ubuntu0.16.04.1.1250)
Package
Upstream:released (1.16.5)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.16.5-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.16.5-0ubuntu0.16.04.1)
More Information

Updated: 2018-10-31 21:22:36 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)