Arch Linux Security Advisory ASA-201602-17
=========================================
Severity: Critical
Date : 2016-02-21
CVE-ID : CVE-2016-1629
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE
Summary
======
The package chromium before version 48.0.2564.116-1 is vulnerable to
multiple issues.
Resolution
=========
Upgrade to 48.0.2564.116-1.
# pacman -Syu "chromium>=48.0.2564.116-1"
The problem has been fixed upstream in version 48.0.2564.116.
Workaround
=========
None.
Description
==========
Same-origin bypass in Blink and Sandbox escape in Chrome.
Impact
=====
A remote attacker might be able to execute arbitrary code by getting the
affected user to visit a specially crafted web page.
References
=========
https://chromereleases.googleblog.com/2016/02/stable-channel-update_18.html
https://access.redhat.com/security/cve/CVE-2016-1629