ArchLinux: ASA-201503-5 Critical: Chromium Issues Resolved

The package chromium before version 41.0.2272.76-1 is vulnerable to multiple issues. While the exact impact has not been disclosed by the vendor, most issues has been classified as having a high or critical impact.

Arch Linux Security Advisory ASA-201503-5
========================================
Severity: Critical
Date    : 2015-03-05
CVE-ID  : CVE-2015-1212 CVE-2015-1213 CVE-2015-1214 CVE-2015-1215
CVE-2015-1216 CVE-2015-1217 CVE-2015-1218 CVE-2015-1219 CVE-2015-1220
CVE-2015-1221 CVE-2015-1222 CVE-2015-1223 CVE-2015-1224 CVE-2015-1225
CVE-2015-1226 CVE-2015-1227 CVE-2015-1228 CVE-2015-1229 CVE-2015-1230
CVE-2015-1231
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package chromium before version 41.0.2272.76-1 is vulnerable to
multiple issues. While the exact impact has not been disclosed by the
vendor, most issues has been classified as having a high or critical impact.

Resolution
=========
Upgrade to 41.0.2272.76-1.

# pacman -Syu "chromium>=41.0.2272.76-1"

The problem has been fixed upstream in version 41.0.2272.76.

Workaround
=========
None.

Description
==========
- CVE-2015-1212:

Out-of-bounds write in media.

- CVE-2015-1213, CVE-2015-1214, CVE-2015-1215:

Out-of-bounds write in skia filters.

- CVE-2015-1216:

Use-after-free in v8 bindings.

- CVE-2015-1217:

Type confusion in v8 bindings.

- CVE-2015-1218:

Use-after-free in dom.

- CVE-2015-1219:

Integer overflow in webgl.

- CVE-2015-1220:

Use-after-free in gif decoder.

- CVE-2015-1221:

Use-after-free in web databases.

- CVE-2015-1222:

Use-after-free in service workers.

- CVE-2015-1223:

Use-after-free in dom.

- CVE-2015-1224:

Out-of-bounds read in vpxdecoder.

- CVE-2015-1225:

Out-of-bounds read in pdfium.

- CVE-2015-1226:

Validation issue in debugger.

- CVE-2015-1227:

Uninitialized value in blink.

- CVE-2015-1228:

Uninitialized value in rendering.

- CVE-2015-1229:

 Cookie injection via proxies.

- CVE-2015-1230:

 Type confusion in v8.

- CVE-2015-1231:

Various fixes from internal audits, fuzzing and other initiatives.

Impact
=====
There isn't enough information disclosed by the vendor at this moment.
At least one issue has been classified as critical by the vendor
(), so
arbitrary remote code execution can not be ruled out.

References
=========
https://chromereleases.googleblog.com/2015/03/stable-channel-update.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1212
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1213
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1214
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1215
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1216
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1217
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1218
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1221
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1222
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1223
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1224
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1225
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1226
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1227
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1228
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1229
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1230
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1231