[arch-security] [ASA-201605-15] chromium: multiple issues
rgacogne at archlinux.org
Thu May 12 22:05:01 UTC 2016
Arch Linux Security Advisory ASA-201605-15
Date : 2016-05-12
CVE-ID : CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package chromium before version 50.0.2661.102-1 is vulnerable to
multiple issues including same-origin policy bypass, denial of service
and possibly arbitrary code execution.
Upgrade to 50.0.2661.102-1.
# pacman -Syu "chromium>=50.0.2661.102-1"
The problem has been fixed upstream in version 50.0.2661.102.
Same origin bypass in DOM. Credit to Mariusz Mlynski.
Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.
Buffer overflow in V8. Credit to Choongwoo Han.
Race condition in loader. Credit to anonymous.
A remote attacker can bypass the same-origin policy to access sensitive
information, cause a denial of service by crashing the application or
possibly execute arbitrary code on the affected host.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the arch-security