ArchLinux: 201703-19: chromium: arbitrary code execution
Summary
- CVE-2017-5052 (arbitrary code execution)
An invalid cast vulnerability has been found in the Blink component of
the Chromium browser.
- CVE-2017-5053 (arbitrary code execution)
An out of bounds memory access vulnerability has been found in the V8
component of the Chromium browser.
- CVE-2017-5054 (arbitrary code execution)
A heap buffer overflow vulnerability has been found in the V8 component
of the Chromium browser.
- CVE-2017-5055 (arbitrary code execution)
A use-after-free vulnerability has been found in the printing component
of the Chromium browser.
- CVE-2017-5056 (arbitrary code execution)
A use-after-free vulnerability has been found in the Blink component of
the Chromium browser.
Resolution
Upgrade to 57.0.2987.133-1.
# pacman -Syu "chromium>=57.0.2987.133-1"
The problems have been fixed upstream in version 57.0.2987.133.
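To confirm that a host has picked up the fix, compare the installed package version with the fixed one. The script below is an added example, not part of the original advisory; the function names is_fixed and check_installed are hypothetical, and the sort -V fallback is an assumption that only approximates pacman's version ordering (it ignores epochs).

```shell
#!/bin/sh
# Added example: compares a chromium package version with the fixed
# version named in this advisory. Function names are hypothetical.

FIXED="57.0.2987.133-1"   # fixed version, taken from the advisory

# is_fixed VERSION -> exit status 0 if VERSION >= FIXED, 1 otherwise.
is_fixed() {
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1.
        [ "$(vercmp "$1" "$FIXED")" -ge 0 ]
    else
        # Fallback (assumption: a sort that supports -V). A plain string
        # comparison would wrongly rank ".98" above ".133".
        lowest=$(printf '%s\n' "$1" "$FIXED" | sort -V | head -n 1)
        [ "$lowest" = "$FIXED" ]
    fi
}

# check_installed -> reports the state of the locally installed package.
check_installed() {
    installed=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    if [ -z "$installed" ]; then
        echo "chromium is not installed"
        return 0
    fi
    if is_fixed "$installed"; then
        echo "chromium $installed: fixed"
    else
        echo "chromium $installed: VULNERABLE, upgrade to >= $FIXED"
        return 1
    fi
}

# Only query the package database on hosts that actually have pacman.
if command -v pacman >/dev/null 2>&1; then
    check_installed || true
fi
```

An upgraded package does not replace a browser process that is already running, so restart Chromium after upgrading.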
References
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
https://bugs.chromium.org/p/chromium/issues/detail?id=662767
https://bugs.chromium.org/p/chromium/issues/detail?id=702058
https://bugs.chromium.org/p/chromium/issues/detail?id=699166
https://bugs.chromium.org/p/chromium/issues/detail?id=698622
https://bugs.chromium.org/p/chromium/issues/detail?id=705445
https://security.archlinux.org/CVE-2017-5052
https://security.archlinux.org/CVE-2017-5053
https://security.archlinux.org/CVE-2017-5054
https://security.archlinux.org/CVE-2017-5055
https://security.archlinux.org/CVE-2017-5056
Workaround
None.