[arch-security] [ASA-201603-5] chromium: multiple issues
Arch Linux Security Advisory ASA-201603-5
=========================================

Severity: High
Date    : 2016-03-09
CVE-ID  : CVE-2016-1643 CVE-2016-1644 CVE-2016-1645
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package chromium before version 49.0.2623.87-1 is vulnerable to
multiple issues including type confusion, use-after-free and
out-of-bounds write.

Resolution
==========

Upgrade to 49.0.2623.87-1.

# pacman -Syu "chromium>=49.0.2623.87-1"

The problems have been fixed upstream in version 49.0.2623.87.

Workaround
==========

None.

Description
===========

- CVE-2016-1643 (type confusion)

Type confusion in Blink.

- CVE-2016-1644 (use-after-free)

Use-after-free in Blink.

- CVE-2016-1645 (out-of-bounds write)

Out-of-bounds write in PDFium.

Impact
======

A remote attacker is able to crash the application resulting in denial
of service or execute arbitrary code.

References
==========

https://access.redhat.com/security/cve/CVE-2016-1643
https://access.redhat.com/security/cve/CVE-2016-1644
https://access.redhat.com/security/cve/CVE-2016-1645
http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html
Christian Rebischke