Upstream information
Description
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 10 |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
| National Vulnerability Database | |
|---|---|
| Base Score | 9.8 |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Access Vector | Network |
| Access Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3 |
- SUSE-SU-2016:0665-1, published Sun, 6 Mar 2016 17:12:11 +0100 (CET)
- openSUSE-SU-2016:0664-1, published Sun, 6 Mar 2016 17:11:45 +0100 (CET)
- openSUSE-SU-2016:0684-1, published Tue, 8 Mar 2016 11:12:27 +0100 (CET)
- openSUSE-SU-2016:0729-1, published Fri, 11 Mar 2016 22:11:41 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE 13.1 |
| Patchnames: 2016-316 |
| openSUSE Leap 15.0 |
| Patchnames: openSUSE Leap 15.0 GA chromium |
| openSUSE Leap 42.1 |
| Patchnames: 4789 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA chromedriver |
