ArchLinux: 201512-5: chromium: multiple issues
Summary
- CVE-2015-6788 (arbitrary code execution)
A type confusion vulnerability has been discovered in the handling of
extensions that could possibly lead to arbitrary code execution.
- CVE-2015-6789 (arbitrary code execution)
A use-after free vulnerability has been discovered in Blink that could
possibly lead to arbitrary code execution.
- CVE-2015-6790 (insufficient escaping)
An escaping issue has been discovered in saved pages that has
unspecified impact.
- CVE-2015-6791 (multiple issues)
Various unspecified vulnerabilities have been discovered from internal
audits, fuzzing and other initiatives.
Resolution
Upgrade to 47.0.2526.80-1.
# pacman -Syu "chromium>=47.0.2526.80-1"
The problems have been fixed upstream in version 47.0.2526.80.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6788 https://access.redhat.com/security/cve/CVE-2015-6789 https://access.redhat.com/security/cve/CVE-2015-6790 https://access.redhat.com/security/cve/CVE-2015-6791 https://chromereleases.googleblog.com/2015/12/stable-channel-update_8.html
Workaround
None.