Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201512-5 ======================================== Severity: Critical Date : 2015-12-09 CVE-ID : CVE-2015-6788 CVE-2015-6789 CVE-2015-6790 CVE-2015-6791 Package : chromium Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package chromium before version 47.0.2526.80-1 is vulnerable to multiple issues including but not limited to arbitrary code execution, escaping issues and various other unspecified vulnerabilities. Resolution ========= Upgrade to 47.0.2526.80-1. # pacman -Syu "chromium>=47.0.2526.80-1" The problems have been fixed upstream in version 47.0.2526.80. Workaround ========= None. Description ========== - CVE-2015-6788 (arbitrary code execution) A type confusion vulnerability has been discovered in the handling of extensions that could possibly lead to arbitrary code execution. - CVE-2015-6789 (arbitrary code execution) A use-after free vulnerability has been discovered in Blink that could possibly lead to arbitrary code execution. - CVE-2015-6790 (insufficient escaping) An escaping issue has been discovered in saved pages that has unspecified impact. - CVE-2015-6791 (multiple issues) Various unspecified vulnerabilities have been discovered from internal audits, fuzzing and other initiatives. Impact ===== A remote attacker is able to take advantage of multiple vulnerabilities to execute arbitrary code or have other unspecified impact. References ========= https://www.cve.org/CVERecord?id=CVE-2015-6788 https://access.redhat.com/security/cve/CVE-2015-6789 https://access.redhat.com/security/cve/CVE-2015-6790 https://access.redhat.com/security/cve/CVE-2015-6791 https://chromereleases.googleblog.com/2015/12/stable-channel-update_8.html