Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201605-15 ========================================= Severity: High Date : 2016-05-12 CVE-ID : CVE-2016-1667 CVE-2016-1668 CVE-2016-1669 CVE-2016-1670 Package : chromium Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package chromium before version 50.0.2661.102-1 is vulnerable to multiple issues including same-origin policy bypass, denial of service and possibly arbitrary code execution. Resolution ========= Upgrade to 50.0.2661.102-1. # pacman -Syu "chromium>=50.0.2661.102-1" The problem has been fixed upstream in version 50.0.2661.102. Workaround ========= None. Description ========== - CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski. - CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han. - CVE-2016-1670: Race condition in loader. Credit to anonymous. Impact ===== A remote attacker can bypass the same-origin policy to access sensitive information, cause a denial of service by crashing the application or possibly execute arbitrary code on the affected host. References ========= https://chromereleases.googleblog.com/2016/05/stable-channel-update.html https://access.redhat.com/security/cve/CVE-2016-1667 https://access.redhat.com/security/cve/CVE-2016-1668 https://access.redhat.com/security/cve/CVE-2016-1669 https://access.redhat.com/security/cve/CVE-2016-1670