CVE-2016-1706 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-1706 Interim 1 20 2023-12-09T01:20:33Z current 2021-05-30T13:38:29Z 2023-12-09T01:20:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-1706 The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DRE27M53CUP2JWDSC4VNPW6HFJ6YDEBQ/#DRE27M53CUP2JWDSC4VNPW6HFJ6YDEBQ E-Mail link for openSUSE-SU-2016:1865-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EFOAQPOUMGPNDVB5ZWHMMBG27GEBJHC6/#EFOAQPOUMGPNDVB5ZWHMMBG27GEBJHC6 E-Mail link for openSUSE-SU-2016:1868-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R4NHTU4KKV46O6ZC6IR3Z6EDHZB7OQI2/#R4NHTU4KKV46O6ZC6IR3Z6EDHZB7OQI2 E-Mail link for openSUSE-SU-2016:1869-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EVQCMGD5YVXQB5NAWXMNLFEFSMZ4ZRIA/#EVQCMGD5YVXQB5NAWXMNLFEFSMZ4ZRIA E-Mail link for openSUSE-SU-2016:1918-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 openSUSE Leap 15.0 openSUSE Leap 15.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed chromedriver-52.0.2743.82-89.1 chromedriver-55.0.2883.75-3.1 chromium-101.0.4951.64-bp154.1.2 chromium-52.0.2743.82-89.1 chromium-55.0.2883.75-3.1 chromium-66.0.3359.170-lp150.1.1 chromium-83.0.4103.97-lp152.1.1 chromium-90.0.4430.212-bp153.1.1 chromium-desktop-gnome-52.0.2743.82-89.1 chromium-desktop-kde-52.0.2743.82-89.1 chromium-ffmpegsumo-52.0.2743.82-89.1 ungoogled-chromium-113.0.5672.92-1.1 ungoogled-chromium-chromedriver-113.0.5672.92-1.1 chromedriver-52.0.2743.82-89.1 as a component of SUSE Package Hub 12 chromium-52.0.2743.82-89.1 as a component of SUSE Package Hub 12 chromium-desktop-gnome-52.0.2743.82-89.1 as a component of SUSE Package Hub 12 chromium-desktop-kde-52.0.2743.82-89.1 as a component of SUSE Package Hub 12 chromium-ffmpegsumo-52.0.2743.82-89.1 as a component of SUSE Package Hub 12 chromium-66.0.3359.170-lp150.1.1 as a component of openSUSE Leap 15.0 chromium-83.0.4103.97-lp152.1.1 as a component of openSUSE Leap 15.2 chromium-90.0.4430.212-bp153.1.1 as a component of openSUSE Leap 15.3 chromium-101.0.4951.64-bp154.1.2 as a component of openSUSE Leap 15.4 chromedriver-55.0.2883.75-3.1 as a component of openSUSE Tumbleweed chromium-55.0.2883.75-3.1 as a component of openSUSE Tumbleweed ungoogled-chromium-113.0.5672.92-1.1 as a component of openSUSE Tumbleweed ungoogled-chromium-chromedriver-113.0.5672.92-1.1 as a component of openSUSE Tumbleweed The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. CVE-2016-1706 SUSE Package Hub 12:chromedriver-52.0.2743.82-89.1 SUSE Package Hub 12:chromium-52.0.2743.82-89.1 SUSE Package Hub 12:chromium-desktop-gnome-52.0.2743.82-89.1 SUSE Package Hub 12:chromium-desktop-kde-52.0.2743.82-89.1 SUSE Package Hub 12:chromium-ffmpegsumo-52.0.2743.82-89.1 openSUSE Leap 15.0:chromium-66.0.3359.170-lp150.1.1 openSUSE Leap 15.2:chromium-83.0.4103.97-lp152.1.1 openSUSE Leap 15.3:chromium-90.0.4430.212-bp153.1.1 openSUSE Leap 15.4:chromium-101.0.4951.64-bp154.1.2 openSUSE Tumbleweed:chromedriver-55.0.2883.75-3.1 openSUSE Tumbleweed:chromium-55.0.2883.75-3.1 openSUSE Tumbleweed:ungoogled-chromium-113.0.5672.92-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-113.0.5672.92-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C 9.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H