Arch Linux Security Advisory ASA-201503-5 ========================================= Severity: Critical Date : 2015-03-05 CVE-ID : CVE-2015-1212 CVE-2015-1213 CVE-2015-1214 CVE-2015-1215 CVE-2015-1216 CVE-2015-1217 CVE-2015-1218 CVE-2015-1219 CVE-2015-1220 CVE-2015-1221 CVE-2015-1222 CVE-2015-1223 CVE-2015-1224 CVE-2015-1225 CVE-2015-1226 CVE-2015-1227 CVE-2015-1228 CVE-2015-1229 CVE-2015-1230 CVE-2015-1231 Package : chromium Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package chromium before version 41.0.2272.76-1 is vulnerable to multiple issues. While the exact impact has not been disclosed by the vendor, most issues has been classified as having a high or critical impact. Resolution ========== Upgrade to 41.0.2272.76-1. # pacman -Syu "chromium>=41.0.2272.76-1" The problem has been fixed upstream in version 41.0.2272.76. Workaround ========== None. Description =========== - CVE-2015-1212: Out-of-bounds write in media. - CVE-2015-1213, CVE-2015-1214, CVE-2015-1215: Out-of-bounds write in skia filters. - CVE-2015-1216: Use-after-free in v8 bindings. - CVE-2015-1217: Type confusion in v8 bindings. - CVE-2015-1218: Use-after-free in dom. - CVE-2015-1219: Integer overflow in webgl. - CVE-2015-1220: Use-after-free in gif decoder. - CVE-2015-1221: Use-after-free in web databases. - CVE-2015-1222: Use-after-free in service workers. - CVE-2015-1223: Use-after-free in dom. - CVE-2015-1224: Out-of-bounds read in vpxdecoder. - CVE-2015-1225: Out-of-bounds read in pdfium. - CVE-2015-1226: Validation issue in debugger. - CVE-2015-1227: Uninitialized value in blink. - CVE-2015-1228: Uninitialized value in rendering. - CVE-2015-1229: Cookie injection via proxies. - CVE-2015-1230: Type confusion in v8. - CVE-2015-1231: Various fixes from internal audits, fuzzing and other initiatives. Impact ====== There isn't enough information disclosed by the vendor at this moment. At least one issue has been classified as critical by the vendor (https://code.google.com/p/chromium/issues/detail?id=460145), so arbitrary remote code execution can not be ruled out. References ========== http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1212 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1213 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1214 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1215 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1216 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1217 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1218 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1219 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1220 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1221 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1222 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1223 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1224 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1225 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1226 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1227 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1228 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1229 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1230 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1231