ArchLinux: 201704-5: chromium: multiple issues
Summary
- CVE-2017-5057 (arbitrary code execution)
A type confusion issue has been found in the PDFium component of the
Chromium browser.
- CVE-2017-5058 (arbitrary code execution)
A heap use after free issue has been found in the Print Preview
component of the Chromium browser.
- CVE-2017-5059 (arbitrary code execution)
A type confusion issue has been found in the Blink component of the
Chromium browser.
- CVE-2017-5060 (content spoofing)
A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.
- CVE-2017-5061 (content spoofing)
A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.
- CVE-2017-5062 (arbitrary code execution)
A use after free issue has been found in the Chrome Apps component of
the Chromium browser.
- CVE-2017-5063 (arbitrary code execution)
A heap overflow issue has been found in the Skia component of the
Chromium browser.
- CVE-2017-5064 (arbitrary code execution)
A use after free flaw has been found in the Blink component of the
Chromium browser.
- CVE-2017-5065 (content spoofing)
An incorrect UI issue has been found in the Blink component of the
Chromium browser.
- CVE-2017-5066 (incorrect calculation)
An incorrect signature handing issue has been found in the Networking
component of the Chromium browser.
- CVE-2017-5067 (content spoofing)
A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.
- CVE-2017-5069 (same-origin policy bypass)
A cross-origin bypass issue has been found in the Blink component of
the Chromium browser.
Resolution
Upgrade to 58.0.3029.81-1.
# pacman -Syu "chromium>=58.0.3029.81-1"
The problems have been fixed upstream in version 58.0.3029.81.
References
https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2017-5057 https://security.archlinux.org/CVE-2017-5058 https://security.archlinux.org/CVE-2017-5059 https://security.archlinux.org/CVE-2017-5060 https://security.archlinux.org/CVE-2017-5061 https://security.archlinux.org/CVE-2017-5062 https://security.archlinux.org/CVE-2017-5063 https://security.archlinux.org/CVE-2017-5064 https://security.archlinux.org/CVE-2017-5065 https://security.archlinux.org/CVE-2017-5066 https://security.archlinux.org/CVE-2017-5067 https://security.archlinux.org/CVE-2017-5069
Workaround
None.