Arch Linux Security Advisory ASA-201512-5
=========================================

Severity: Critical
Date    : 2015-12-09
CVE-ID  : CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package chromium before version 47.0.2526.80-1 is vulnerable to
multiple issues including but not limited to arbitrary code execution,
escaping issues and various other unspecified vulnerabilities.

Resolution
==========

Upgrade to 47.0.2526.80-1.

# pacman -Syu "chromium>=47.0.2526.80-1"

The problems have been fixed upstream in version 47.0.2526.80.

Workaround
==========

None.

Description
===========

- CVE-2015-6788 (arbitrary code execution)

A type confusion vulnerability has been discovered in the handling of
extensions that could possibly lead to arbitrary code execution.

- CVE-2015-6789 (arbitrary code execution)

A use-after-free vulnerability has been discovered in Blink that could
possibly lead to arbitrary code execution.

- CVE-2015-6790 (insufficient escaping)

An escaping issue has been discovered in saved pages that has
unspecified impact.

- CVE-2015-6791 (multiple issues)

Various unspecified vulnerabilities have been discovered from internal
audits, fuzzing and other initiatives.

Impact
======

A remote attacker is able to take advantage of multiple vulnerabilities
to execute arbitrary code or have other unspecified impact.

References
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6788
https://access.redhat.com/security/cve/CVE-2015-6789
https://access.redhat.com/security/cve/CVE-2015-6790
https://access.redhat.com/security/cve/CVE-2015-6791
http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html
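
To confirm whether a host still needs the upgrade named under Resolution, the installed chromium version can be compared against 47.0.2526.80-1. The script below is an added example, not part of the original advisory; the function names ver_lt and chromium_status are hypothetical, and the fallback comparison assumes a dotted-numeric version with a numeric release suffix and no epoch.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a chromium
# package version predates the fixed release named in ASA-201512-5.

FIXED="47.0.2526.80-1"   # fixed version, taken from the advisory

# ver_lt A B: succeed when version A is older than version B.
# Prefers pacman's own vercmp utility. The fallback is an assumption of
# this example: it only handles dotted-numeric pkgver with a numeric
# pkgrel and no epoch, which matches how chromium is versioned here.
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
        return $?
    fi
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = x[i] + 0; yi = y[i] + 0   # missing fields count as 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                             # equal versions are not older
    }'
}

# chromium_status VERSION: print vulnerable, patched or not-installed.
chromium_status() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif ver_lt "$1" "$FIXED"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# On an Arch host, query the installed version ("chromium <version>").
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    echo "chromium ${installed:-(none)}: $(chromium_status "$installed")"
fi
```

A "vulnerable" result means the pacman command under Resolution still has to be run on that host.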