This issue has been fixed in WebGL in Google Chrome version 101.0.2 and later. CVE-2016-3075 There is a bug in WebGL in Google Chrome prior to version 65 that causes a crash when a malformed image is loaded. CVE-2016-3076 There is a bug in WebGL in Google Chrome prior to version 65 that allows a remote attacker to inject arbitrary scripts or HTML via vectors involving crafted media content. CVE-2016-3077 There is a bug in WebGL in Google Chrome prior to version 65 that allows a remote attacker to bypass security restrictions via a crafted HTML page. CVE-2016-3078 There is a bug in WebGL in Google Chrome prior to version 65 that causes a crash when a malformed image is loaded. CVE-2016-3079 There is a bug in WebGL in Google Chrome prior to version 65 that allows a remote attacker to bypass security restrictions via a crafted HTML page. CVE-2016-3080 There is a bug in WebGL in Google Chrome prior to version 65 that allows a remote attacker to inject arbitrary scripts or HTML via vectors involving crafted media content. CVE-2016-3081 There is a bug in WebGL in Google Chrome prior to version 65 that allows a remote attacker to inject arbitrary scripts or HTML via vectors involving linked media content. CVE-2016-3082 There is a bug in WebGL in Google Chrome prior to version 65 that allows a remote attacker to inject arbitrary scripts or HTML via
WebAssembly and Native Client
WebAssembly is a new, portable binary format designed for client-side execution in web browsers. The project aims to improve programmability and portability of web applications by providing efficient and feature-rich ways of running programs written in languages like C/C++, Rust, and Go.
Native Client (Nacl) is Google's implementation of WebAssembly that allows native code to be run in a secure sandbox on the Chrome browser.
Timeline
Published on: 07/26/2022 22:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC