CVE-2016-1677 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-1677 Interim 1 15 2023-12-09T01:20:45Z current 2021-05-30T13:38:22Z 2023-12-09T01:20:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-1677 uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BGOZSEAYGAYPPMCXMGEYRXPKI6BMBG56/#BGOZSEAYGAYPPMCXMGEYRXPKI6BMBG56 E-Mail link for openSUSE-SU-2016:1430-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WRI5DQX46JWQYF32WAI3ZPMR4ASTKNZC/#WRI5DQX46JWQYF32WAI3ZPMR4ASTKNZC E-Mail link for openSUSE-SU-2016:1433-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SSKH2A65AOZ5BGJNYWXFTG4DTM5IYSEZ/#SSKH2A65AOZ5BGJNYWXFTG4DTM5IYSEZ E-Mail link for openSUSE-SU-2016:1496-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 openSUSE Leap 15.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed chromedriver-55.0.2883.75-3.1 chromium-101.0.4951.64-bp154.1.2 chromium-55.0.2883.75-3.1 chromium-66.0.3359.170-lp150.1.1 chromium-83.0.4103.97-lp152.1.1 chromium-90.0.4430.212-bp153.1.1 ungoogled-chromium-113.0.5672.92-1.1 ungoogled-chromium-chromedriver-113.0.5672.92-1.1 chromium-66.0.3359.170-lp150.1.1 as a component of openSUSE Leap 15.0 chromium-83.0.4103.97-lp152.1.1 as a component of openSUSE Leap 15.2 chromium-90.0.4430.212-bp153.1.1 as a component of openSUSE Leap 15.3 chromium-101.0.4951.64-bp154.1.2 as a component of openSUSE Leap 15.4 chromedriver-55.0.2883.75-3.1 as a component of openSUSE Tumbleweed chromium-55.0.2883.75-3.1 as a component of openSUSE Tumbleweed ungoogled-chromium-113.0.5672.92-1.1 as a component of openSUSE Tumbleweed ungoogled-chromium-chromedriver-113.0.5672.92-1.1 as a component of openSUSE Tumbleweed uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." CVE-2016-1677 openSUSE Leap 15.0:chromium-66.0.3359.170-lp150.1.1 openSUSE Leap 15.2:chromium-83.0.4103.97-lp152.1.1 openSUSE Leap 15.3:chromium-90.0.4430.212-bp153.1.1 openSUSE Leap 15.4:chromium-101.0.4951.64-bp154.1.2 openSUSE Tumbleweed:chromedriver-55.0.2883.75-3.1 openSUSE Tumbleweed:chromium-55.0.2883.75-3.1 openSUSE Tumbleweed:ungoogled-chromium-113.0.5672.92-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-113.0.5672.92-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N