ArchLinux: 201601-28: chromium: multiple issues
Summary
- CVE-2016-1612:
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8 does not
ensure receiver compatibility before performing a cast of an unspecified
variable, which allows remote attackers to cause a denial of service or
possibly have unknown other impact via crafted JavaScript code. Credit
to cloudfuzzer.
- CVE-2016-1613:
Multiple use-after-free vulnerabilities in the formfiller implementation
in PDFium allow remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted PDF document,
related to improper tracking of the destruction of (1) IPWL_FocusHandler
and (2) IPWL_Provider objects.
- CVE-2016-1614:
The UnacceleratedImageBufferSurface class in
WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in
Blink mishandles the initialization mode, which allows remote attackers
to obtain sensitive information from process memory via a crafted web
site. Credit to Christoph Diehl.
- CVE-2016-1615:
The Omnibox implementation allows remote attackers to spoof a document's
origin via unspecified vectors. Credit to Ron Masas.
- CVE-2016-1616:
The CustomButton::AcceleratorPressed function in
ui/views/controls/button/custom_button.cc allows remote attackers to
spoof URLs via vectors involving an unfocused custom button. Credit to
Luan Herrera.
- CVE-2016-1617:
The CSPSource::schemeMatches function in
WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security
Policy (CSP) implementation in Blink does not apply http policies to
https URLs and does not apply ws policies to wss URLs, which makes it
easier for remote attackers to determine whether a specific HSTS web
site has been visited by reading a CSP report. Credit to Yan Zhu.
- CVE-2016-1618:
Blink does not ensure that a proper cryptographicallyRandomValues random
number generator is used, which makes it easier for remote attackers to
defeat cryptographic protection mechanisms via unspecified vectors.
Credit to Aaron Toponce.
- CVE-2016-1619:
Multiple integer overflows in the sycc422_to_rgb and sycc444_to_rgb
functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium allow remote
attackers to cause a denial of service (out-of-bounds read) or possibly
have unspecified other impact via a crafted PDF document. Credit to Keve
Nagy.
- CVE-2016-1620:
Various fixes from internal audits, fuzzing and other initiatives.
Resolution
Upgrade to 48.0.2564.82-1.
# pacman -Syu "chromium>=48.0.2564.82-1"
The problem has been fixed upstream in version 48.0.2564.82.
References
https://chromereleases.googleblog.com/2016/01/stable-channel-update_20.html https://access.redhat.com/security/cve/CVE-2016-1612 https://access.redhat.com/security/cve/CVE-2016-1613 https://access.redhat.com/security/cve/CVE-2016-1614 https://access.redhat.com/security/cve/CVE-2016-1615 https://access.redhat.com/security/cve/CVE-2016-1616 https://access.redhat.com/security/cve/CVE-2016-1617 https://access.redhat.com/security/cve/CVE-2016-1618 https://access.redhat.com/security/cve/CVE-2016-1619 https://access.redhat.com/security/cve/CVE-2016-1620
Workaround
None.