[arch-security] [ASA-201606-5] chromium: multiple issues
Arch Linux Security Advisory ASA-201606-5 ========================================= Severity: High Date : 2016-06-05 CVE-ID : CVE-2016-1696 CVE-2016-1697 CVE-2016-1698 CVE-2016-1699 CVE-2016-1700 CVE-2016-1701 CVE-2016-1702 CVE-2016-1703 Package : chromium Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package chromium before version 51.0.2704.79-1 is vulnerable to multiple issues. Resolution ========== Upgrade to 51.0.2704.79-1. # pacman -Syu "chromium>=51.0.2704.79-1" The problems have been fixed upstream in version 51.0.2704.79. Workaround ========== None. Description =========== - CVE-2016-1696 (cross-origin bypass): Cross-origin bypass in Extension bindings. Credit to anonymous. - CVE-2016-1697 (cross-origin bypass): Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1698 (information leakage): Information leak in Extension bindings. Credit to Rob Wu. - CVE-2016-1699 (parameter sanitization failure): Parameter sanitization failure in DevTools. Credit to Gregory Panakkal. - CVE-2016-1700 (use-after-free): Use-after-free in Extensions. Credit to Rob Wu. - CVE-2016-1701 (use-after-free): Use-after-free in Autofill. Credit to Rob Wu. - CVE-2016-1702 (out-of-bounds read): Out-of-bounds read in Skia. Credit to cloudfuzzer. - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives. Impact ====== A remote attacker can access sensitive information, bypass cross-origin restrictions, cause a denial of service or possibly execute arbitrary code on the affected host. References ========== http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html https://access.redhat.com/security/cve/CVE-2016-1696 https://access.redhat.com/security/cve/CVE-2016-1697 https://access.redhat.com/security/cve/CVE-2016-1698 https://access.redhat.com/security/cve/CVE-2016-1699 https://access.redhat.com/security/cve/CVE-2016-1700 https://access.redhat.com/security/cve/CVE-2016-1701 https://access.redhat.com/security/cve/CVE-2016-1702 https://access.redhat.com/security/cve/CVE-2016-1703
participants (1)
-
Remi Gacogne