Arch Linux Security Advisory ASA-201509-1
=========================================

Severity: High
Date    : 2015-09-02
CVE-ID  : CVE-2015-1291 CVE-2015-1292 CVE-2015-1293 CVE-2015-1294
          CVE-2015-1295 CVE-2015-1296 CVE-2015-1297 CVE-2015-1298
          CVE-2015-1299 CVE-2015-1300 CVE-2015-1301
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package chromium before version 45.0.2454.85-1 is vulnerable to
multiple issues including cross-origin bypass, use-after-free, character
spoofing and information leak.

Resolution
==========

Upgrade to 45.0.2454.85-1.

# pacman -Syu "chromium>=45.0.2454.85-1"

The problem has been fixed upstream in version 45.0.2454.85.

Workaround
==========

None.

Description
===========

- CVE-2015-1291, CVE-2015-1293: Cross-origin bypass in DOM.
- CVE-2015-1292: Cross-origin bypass in ServiceWorker.
- CVE-2015-1294: Use-after-free in Skia.
- CVE-2015-1295: Use-after-free in Printing.
- CVE-2015-1296: Character spoofing in omnibox.
- CVE-2015-1297: Permission scoping error in WebRequest.
- CVE-2015-1298: URL validation error in extensions.
- CVE-2015-1299: Use-after-free in Blink.
- CVE-2015-1300: Information leak in Blink.
- CVE-2015-1301: Various fixes from internal audits, fuzzing and other
  initiatives.

Impact
======

A remote attacker can bypass the Same-Origin Policy of a website, spoof
characters in the omnibox to trick the user, leak information, cause a
denial of service or have other unspecified impact.

References
==========

http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html
https://access.redhat.com/security/cve/CVE-2015-1291
https://access.redhat.com/security/cve/CVE-2015-1292
https://access.redhat.com/security/cve/CVE-2015-1293
https://access.redhat.com/security/cve/CVE-2015-1294
https://access.redhat.com/security/cve/CVE-2015-1295
https://access.redhat.com/security/cve/CVE-2015-1296
https://access.redhat.com/security/cve/CVE-2015-1297
https://access.redhat.com/security/cve/CVE-2015-1298
https://access.redhat.com/security/cve/CVE-2015-1299
https://access.redhat.com/security/cve/CVE-2015-1300
https://access.redhat.com/security/cve/CVE-2015-1301