[arch-security] [ASA-201609-13] chromium: multiple issues
Arch Linux Security Advisory ASA-201609-13
==========================================

Severity: Critical
Date    : 2016-09-17
CVE-ID  : CVE-2016-5170 CVE-2016-5171 CVE-2016-5172 CVE-2016-5173
          CVE-2016-5174 CVE-2016-5175
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package chromium before version 53.0.2785.116-1 is vulnerable to
multiple issues.

Resolution
==========

Upgrade to 53.0.2785.116-1.

# pacman -Syu "chromium>=53.0.2785.116-1"

The problems have been fixed upstream in version 53.0.2785.116.

Workaround
==========

None.

Description
===========

- CVE-2016-5170, CVE-2016-5171 (arbitrary code execution)

Use after free in Blink.

- CVE-2016-5172 (information leakage)

Arbitrary Memory Read in v8.

- CVE-2016-5173 (access restriction bypass)

Extension resource access.

- CVE-2016-5174

Popup not correctly suppressed.

- CVE-2016-5175 (arbitrary code execution)

Various fixes from internal audits, fuzzing and other initiatives.

Impact
======

A remote attacker can execute arbitrary code on the affected host,
access sensitive information, bypass access restrictions or have other
unspecified impact.

References
==========

https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-d...
https://access.redhat.com/security/cve/CVE-2016-5170
https://access.redhat.com/security/cve/CVE-2016-5171
https://access.redhat.com/security/cve/CVE-2016-5172
https://access.redhat.com/security/cve/CVE-2016-5173
https://access.redhat.com/security/cve/CVE-2016-5174
https://access.redhat.com/security/cve/CVE-2016-5175
participants (1)
-
Remi Gacogne