[arch-security] [ASA-201603-1] chromium: multiple issues
Arch Linux Security Advisory ASA-201603-1
=========================================

Severity: High
Date    : 2016-03-03
CVE-ID  : CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632
          CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636
          CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640
          CVE-2016-1641 CVE-2016-1642
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package chromium before version 49.0.2623.75-1 is vulnerable to
multiple issues.

Resolution
==========

Upgrade to 49.0.2623.75-1.

# pacman -Syu "chromium>=49.0.2623.75-1"

The problem has been fixed upstream in version 49.0.2623.75.

Workaround
==========

None.

Description
===========

- CVE-2015-8126:

Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE,
allowing remote attackers to cause DoS to application or have
unspecified other impact. These functions failed to check for an
out-of-range palette when reading or writing PNG files with a bit_depth
less than 8. Some applications might read the bit depth from the IHDR
chunk and allocate memory for a 2^N entry palette, while libpng can
return a palette with up to 256 entries even when the bit depth is less
than 8.

- CVE-2016-1630:

Same-origin bypass in Blink. Credit to Mariusz Mlynski.

- CVE-2016-1631:

Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.

- CVE-2016-1632:

Bad cast in Extensions.

- CVE-2016-1633, CVE-2016-1634:

Use-after-free in Blink. Credit to cloudfuzzer.

- CVE-2016-1635:

Use-after-free in Blink. Credit to Rob Wu.

- CVE-2016-1636:

SRI Validation Bypass. Credit to Ryan Lester and Bryant Zadegan.

- CVE-2016-1637:

Information Leak in Skia. Credit to Keve Nagy.

- CVE-2016-1638:

WebAPI Bypass. Credit to Rob Wu.

- CVE-2016-1639:

Use-after-free in WebRTC. Credit to Khalil Zhani.

- CVE-2016-1640:

Origin confusion in Extensions UI. Credit to Luan Herrera.

- CVE-2016-1641:

Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.

- CVE-2016-1642:

Various fixes from internal audits, fuzzing and other initiatives.

Impact
======

A remote attacker can bypass restrictions like the same-origin policy
and the WebAPI restrictions, or have other unspecified impact.

References
==========

http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html
https://access.redhat.com/security/cve/CVE-2015-8126
https://access.redhat.com/security/cve/CVE-2016-1630
https://access.redhat.com/security/cve/CVE-2016-1631
https://access.redhat.com/security/cve/CVE-2016-1632
https://access.redhat.com/security/cve/CVE-2016-1633
https://access.redhat.com/security/cve/CVE-2016-1634
https://access.redhat.com/security/cve/CVE-2016-1635
https://access.redhat.com/security/cve/CVE-2016-1636
https://access.redhat.com/security/cve/CVE-2016-1637
https://access.redhat.com/security/cve/CVE-2016-1638
https://access.redhat.com/security/cve/CVE-2016-1639
https://access.redhat.com/security/cve/CVE-2016-1640
https://access.redhat.com/security/cve/CVE-2016-1641
https://access.redhat.com/security/cve/CVE-2016-1642
participants (1)
-
Remi Gacogne
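
The CVE-2015-8126 entry above turns on a mismatch between the bit depth in IHDR and the number of PLTE entries. As an added example (not code from the advisory, libpng or Chromium), the following C check walks a PNG chunk stream and flags a palette larger than 2^bit_depth; the function name png_palette_exceeds_depth and the sample bytes are hypothetical and constructed for illustration, and CRCs are not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 1x1 image, bit depth 1, colour type 3, PLTE with 3
 * entries (limit is 2). CRC fields are zeroed; the check ignores them. */
static const uint8_t sample_oversized[] = {
    0x89,'P','N','G','\r','\n',0x1a,'\n',
    0,0,0,13, 'I','H','D','R', 0,0,0,1, 0,0,0,1, 1, 3, 0,0,0, 0,0,0,0,
    0,0,0,9,  'P','L','T','E', 255,0,0, 0,255,0, 0,0,255, 0,0,0,0,
};

/* Read a big-endian 32-bit integer as used in PNG chunk headers. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper (not a libpng API). Returns 1 if PLTE holds more
 * entries than 2^bit_depth (capped at 256), 0 if the palette fits or IEND is
 * reached without a palette, -1 if the buffer is not a well-formed PNG
 * chunk stream. Only chunk lengths are inspected. */
int png_palette_exceeds_depth(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    unsigned bit_depth = 0;
    size_t off = 8;
    if (len < 8 || memcmp(buf, sig, 8) != 0) return -1;
    while (len - off >= 12) {                  /* length + type + CRC */
        uint32_t clen = be32(buf + off);
        const uint8_t *type = buf + off + 4;
        if (clen > len - off - 12) return -1;  /* chunk runs past the buffer */
        if (memcmp(type, "IHDR", 4) == 0) {
            if (clen != 13) return -1;
            bit_depth = buf[off + 16];         /* 9th byte of IHDR data */
        } else if (memcmp(type, "PLTE", 4) == 0) {
            unsigned limit = bit_depth >= 8 ? 256u : 1u << bit_depth;
            if (bit_depth == 0 || clen == 0 || clen % 3 != 0) return -1;
            return clen / 3 > limit;           /* 3 bytes per palette entry */
        } else if (memcmp(type, "IEND", 4) == 0) {
            return 0;
        }
        off += 12 + (size_t)clen;
    }
    return -1;                                 /* truncated: no IEND seen */
}

int main(void) {
    printf("oversized palette: %d\n",
           png_palette_exceeds_depth(sample_oversized, sizeof sample_oversized));
    return 0;
}
```

An application that sizes its own palette buffer from the IHDR bit depth can apply the same comparison to the entry count libpng reports before copying.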