ArchLinux: 201509-11: chromium: cross-origin bypass
Summary
- CVE-2015-1303:
Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
- CVE-2015-1304:
Cross-origin bypass in V8. Credit to Mariusz Mlynski.
Resolution
Upgrade to 45.0.2454.101-1.
# pacman -Syu "chromium>=45.0.2454.101-1"
The problem has been fixed upstream in version 45.0.2454.101.
References
https://chromereleases.googleblog.com/2015/09/stable-channel-update_24.html https://access.redhat.com/security/cve/CVE-2015-1303 https://access.redhat.com/security/cve/CVE-2015-1304
Workaround
None.