ArchLinux: 201610-15: chromium: multiple issues
Summary
- CVE-2016-5181 (cross-site scripting)
An universal XSS flaw was found in the Blink component of the Chromium
browser.
- CVE-2016-5182 (arbitrary code execution)
A heap overflow flaw was found in the Blink component of the Chromium
browser.
- CVE-2016-5183 (arbitrary code execution)
An use after free flaw was found in the PDFium component of the
Chromium browser.
- CVE-2016-5184 (arbitrary code execution)
An use after free flaw was found in the PDFium component of the
Chromium browser.
- CVE-2016-5185 (arbitrary code execution)
An use after free flaw was found in the Blink component of the Chromium
browser.
- CVE-2016-5186 (information disclosure)
An out of bounds read flaw was found in the DevTools component of the
Chromium browser.
- CVE-2016-5187 (content spoofing)
An URL spoofing flaw was found in the Chromium browser.
- CVE-2016-5188 (content spoofing)
An UI spoofing flaw was found in the Chromium browser.
- CVE-2016-5189 (content spoofing)
An URL spoofing flaw was found in the Chromium browser.
- CVE-2016-5190 (arbitrary code execution)
An use after free flaw was found in the Internals component of the
Chromium browser.
- CVE-2016-5191 (cross-site scripting)
An universal XSS flaw was found in the Bookmarks component of the
Chromium browser.
- CVE-2016-5192 (same-origin policy bypass)
A cross-origin bypass flaw was found in the Blink component of the
Chromium browser.
- CVE-2016-5193 (insufficient validation)
A scheme bypass vulnerability has been discovered.
- CVE-2016-5194 (arbitrary code execution)
Various fixes from internal audits, fuzzing and other initiatives.
Resolution
Upgrade to 54.0.2840.59-1.
# pacman -Syu "chromium>=54.0.2840.59-1"
The problems have been fixed upstream in version 54.0.2840.59.
References
https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html https://access.redhat.com/security/cve/CVE-2016-5181 https://access.redhat.com/security/cve/CVE-2016-5182 https://access.redhat.com/security/cve/CVE-2016-5183 https://access.redhat.com/security/cve/CVE-2016-5184 https://access.redhat.com/security/cve/CVE-2016-5185 https://access.redhat.com/security/cve/CVE-2016-5186 https://access.redhat.com/security/cve/CVE-2016-5187 https://access.redhat.com/security/cve/CVE-2016-5188 https://access.redhat.com/security/cve/CVE-2016-5189 https://access.redhat.com/security/cve/CVE-2016-5190 https://access.redhat.com/security/cve/CVE-2016-5191 https://access.redhat.com/security/cve/CVE-2016-5192 https://access.redhat.com/security/cve/CVE-2016-5193 https://access.redhat.com/security/cve/CVE-2016-5194
Workaround
None.