Arch Linux 2015-09-28 ASA-201509-11 High: Chromium Cross-Origin Bypass
Sep 28, 2015
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package chromium before version 45.0.2454.101-1 is vulnerable to cross-origin bypass.
Arch Linux Security Advisory ASA-201509-11 ========================================= Severity: High Date : 2015-09-28 CVE-ID : CVE-2015-1303 CVE-2015-1304 Package : chromium Type : cross-origin bypass Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package chromium before version 45.0.2454.101-1 is vulnerable to cross-origin bypass. Resolution ========= Upgrade to 45.0.2454.101-1. # pacman -Syu "chromium>=45.0.2454.101-1" The problem has been fixed upstream in version 45.0.2454.101. Workaround ========= None. Description ========== - CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski. Impact ===== A remote attacker can bypass the cross-origin resource sharing policy, thus getting access to sensitive data. References ========= https://chromereleases.googleblog.com/2015/09/stable-channel-update_24.html https://access.redhat.com/security/cve/CVE-2015-1303 https://access.redhat.com/security/cve/CVE-2015-1304
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!