Arch Linux Security Advisory ASA-201710-27
==========================================

Severity: Critical
Date    : 2017-10-19
CVE-ID  : CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389
          CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393
          CVE-2017-15394 CVE-2017-15395 CVE-2017-5124 CVE-2017-5125
          CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129
          CVE-2017-5130 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-456

Summary
=======

The package chromium before version 62.0.3202.62-1 is vulnerable to
multiple issues including arbitrary code execution, cross-site
scripting, access restriction bypass, content spoofing, information
disclosure and denial of service.

Resolution
==========

Upgrade to 62.0.3202.62-1.

# pacman -Syu "chromium>=62.0.3202.62-1"

The problems have been fixed upstream in version 62.0.3202.62.

Workaround
==========

None.

Description
===========

- CVE-2017-15386 (content spoofing)

A UI spoofing issue has been found in the Blink component of the
Chromium browser < 62.0.3202.62.

- CVE-2017-15387 (access restriction bypass)

A content security bypass has been found in the Chromium browser <
62.0.3202.62.

- CVE-2017-15388 (information disclosure)

An out-of-bounds read has been found in the Skia component of the
Chromium browser < 62.0.3202.62.

- CVE-2017-15389 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser < 62.0.3202.62.

- CVE-2017-15390 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser < 62.0.3202.62.

- CVE-2017-15391 (access restriction bypass)

An extension limitation bypass has been found in the Extensions
component of the Chromium browser < 62.0.3202.62.

- CVE-2017-15392 (access restriction bypass)

An incorrect registry key handling issue has been found in the
PlatformIntegration component of the Chromium browser < 62.0.3202.62.

- CVE-2017-15393 (information disclosure)

A referrer leak has been found in the Devtools component of the
Chromium browser < 62.0.3202.62.

- CVE-2017-15394 (content spoofing)

A URL spoofing flaw has been found in the extensions UI of the
Chromium browser < 62.0.3202.62.

- CVE-2017-15395 (denial of service)

A null-pointer dereference flaw has been found in the ImageCapture
component of the Chromium browser < 62.0.3202.62.

- CVE-2017-5124 (cross-site scripting)

A universal XSS flaw has been found in the MHTML component of the
Chromium browser < 62.0.3202.62.

- CVE-2017-5125 (arbitrary code execution)

A heap overflow security issue has been found in the Skia component of
the Chromium browser < 62.0.3202.62.

- CVE-2017-5126 (arbitrary code execution)

A use-after-free security issue has been found in the PDFium component
of the Chromium browser < 62.0.3202.62.

- CVE-2017-5127 (arbitrary code execution)

A use-after-free security issue has been found in the PDFium component
of the Chromium browser < 62.0.3202.62.

- CVE-2017-5128 (arbitrary code execution)

A heap overflow security issue has been found in the WebGL component
of the Chromium browser < 62.0.3202.62.

- CVE-2017-5129 (arbitrary code execution)

A use-after-free security issue has been found in the WebAudio
component of the Chromium browser < 62.0.3202.62.

- CVE-2017-5130 (arbitrary code execution)

A heap overflow security issue has been found in libxml2.

- CVE-2017-5131 (arbitrary code execution)

An out-of-bounds write has been found in the Skia component of the
Chromium browser < 62.0.3202.62.

- CVE-2017-5132 (arbitrary code execution)

An incorrect stack manipulation security issue has been found in the
WebAssembly component of the Chromium browser < 62.0.3202.62.

- CVE-2017-5133 (arbitrary code execution)

An out-of-bounds write has been found in the Skia component of the
Chromium browser < 62.0.3202.62.

Impact
======

A remote attacker can bypass security measures, trick the user by
spoofing parts of the UI, cause a denial of service or execute
arbitrary code on the affected host.

References
==========

https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desk...
https://crbug.com/752003
https://crbug.com/756040
https://crbug.com/756563
https://crbug.com/739621
https://crbug.com/750239
https://crbug.com/598265
https://crbug.com/714401
https://crbug.com/732751
https://crbug.com/745580
https://crbug.com/759457
https://crbug.com/762930
https://crbug.com/749147
https://crbug.com/760455
https://crbug.com/765384
https://crbug.com/765469
https://crbug.com/765495
https://crbug.com/722079
https://crbug.com/744109
https://crbug.com/718858
https://crbug.com/762106
https://security.archlinux.org/CVE-2017-15386
https://security.archlinux.org/CVE-2017-15387
https://security.archlinux.org/CVE-2017-15388
https://security.archlinux.org/CVE-2017-15389
https://security.archlinux.org/CVE-2017-15390
https://security.archlinux.org/CVE-2017-15391
https://security.archlinux.org/CVE-2017-15392
https://security.archlinux.org/CVE-2017-15393
https://security.archlinux.org/CVE-2017-15394
https://security.archlinux.org/CVE-2017-15395
https://security.archlinux.org/CVE-2017-5124
https://security.archlinux.org/CVE-2017-5125
https://security.archlinux.org/CVE-2017-5126
https://security.archlinux.org/CVE-2017-5127
https://security.archlinux.org/CVE-2017-5128
https://security.archlinux.org/CVE-2017-5129
https://security.archlinux.org/CVE-2017-5130
https://security.archlinux.org/CVE-2017-5131
https://security.archlinux.org/CVE-2017-5132
https://security.archlinux.org/CVE-2017-5133
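
Added example (not part of the Arch advisory): a POSIX shell check that compares an installed chromium version against the fixed version 62.0.3202.62-1 named in the Resolution section. The helpers `ver_lt` and `check_version` and the sample versions are constructed for illustration; the comparison handles only numeric pkgver-pkgrel strings, so use pacman's `vercmp` where epochs or letters appear.

```shell
#!/bin/sh
# Added example: report whether a chromium package predates the fix
# from ASA-201710-27. Helper names are hypothetical, not pacman's.
FIXED="62.0.3202.62-1"   # fixed version stated in the advisory

# ver_lt A B: succeed if version A sorts before version B.
# Assumption: both are purely numeric "a.b.c.d-pkgrel" strings
# (no epoch, no letters). Missing trailing segments count as 0.
ver_lt() {
    a=$(printf '%s\n' "$1" | sed 's/-/./g')
    b=$(printf '%s\n' "$2" | sed 's/-/./g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                     # leading segment
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac  # drop it from a
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac  # drop it from b
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "less than"
}

# check_version INSTALLED: print a verdict; return 1 if still vulnerable.
check_version() {
    if ver_lt "$1" "$FIXED"; then
        echo "VULNERABLE: chromium $1 < $FIXED"
        return 1
    fi
    echo "ok: chromium $1 >= $FIXED"
}

# Constructed sample versions, not taken from the advisory.
for v in 61.0.3163.100-1 62.0.3202.9-1 62.0.3202.62-1; do
    check_version "$v" || true
done

# On an Arch host, also check the package that is actually installed.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    if [ -n "$installed" ]; then
        check_version "$installed" || true
    fi
fi
```

Segment-wise numeric comparison matters here: a plain string comparison would rank 62.0.3202.9 above 62.0.3202.62.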