[arch-security] [ASA-201704-5] chromium: multiple issues

Remi Gacogne rgacogne at archlinux.org
Thu Apr 20 10:16:59 UTC 2017


Arch Linux Security Advisory ASA-201704-5
=========================================

Severity: Critical
Date    : 2017-04-20
CVE-ID  : CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060
          CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064
          CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5069
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-250

Summary
=======

The package chromium before version 58.0.3029.81-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
incorrect calculation and same-origin policy bypass.

Resolution
==========

Upgrade to 58.0.3029.81-1.

# pacman -Syu "chromium>=58.0.3029.81-1"

The problems have been fixed upstream in version 58.0.3029.81.

Workaround
==========

None.

Description
===========

- CVE-2017-5057 (arbitrary code execution)

A type confusion issue has been found in the PDFium component of the
Chromium browser.

- CVE-2017-5058 (arbitrary code execution)

A heap use after free issue has been found in the Print Preview
component of the Chromium browser.

- CVE-2017-5059 (arbitrary code execution)

A type confusion issue has been found in the Blink component of the
Chromium browser.

- CVE-2017-5060 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.

- CVE-2017-5061 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.

- CVE-2017-5062 (arbitrary code execution)

A use after free issue has been found in the Chrome Apps component of
the Chromium browser.

- CVE-2017-5063 (arbitrary code execution)

A heap overflow issue has been found in the Skia component of the
Chromium browser.

- CVE-2017-5064 (arbitrary code execution)

A use after free flaw has been found in the Blink component of the
Chromium browser.

- CVE-2017-5065 (content spoofing)

An incorrect UI issue has been found in the Blink component of the
Chromium browser.

- CVE-2017-5066 (incorrect calculation)

An incorrect signature handing issue has been found in the Networking
component of the Chromium browser.

- CVE-2017-5067 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.

- CVE-2017-5069 (same-origin policy bypass)

A cross-origin bypass issue has been found in the Blink component of
the Chromium browser.

Impact
======

A remote attacker can spoof URL, bypass security checks and execute
arbitrary code on the affected host.

References
==========

https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
https://crbug.com/695826
https://crbug.com/694382
https://crbug.com/684684
https://crbug.com/683314
https://crbug.com/672847
https://crbug.com/702896
https://crbug.com/700836
https://crbug.com/693974
https://crbug.com/704560
https://crbug.com/690821
https://crbug.com/648117
https://crbug.com/691726
https://security.archlinux.org/CVE-2017-5057
https://security.archlinux.org/CVE-2017-5058
https://security.archlinux.org/CVE-2017-5059
https://security.archlinux.org/CVE-2017-5060
https://security.archlinux.org/CVE-2017-5061
https://security.archlinux.org/CVE-2017-5062
https://security.archlinux.org/CVE-2017-5063
https://security.archlinux.org/CVE-2017-5064
https://security.archlinux.org/CVE-2017-5065
https://security.archlinux.org/CVE-2017-5066
https://security.archlinux.org/CVE-2017-5067
https://security.archlinux.org/CVE-2017-5069

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20170420/c1a3c4cb/attachment.asc>


More information about the arch-security mailing list