ArchLinux: 201706-8: chromium: multiple issues
Summary
- CVE-2017-5070 (arbitrary code execution)
A type confusion flaw has been found in the V8 component of the
Chromium browser.
- CVE-2017-5071 (information disclosure)
An out of bounds read flaw has been found in the V8 component of the
Chromium browser.
- CVE-2017-5072 (content spoofing)
An address spoofing flaw has been found in the Omnibox component of the
Chromium browser.
- CVE-2017-5073 (arbitrary code execution)
A use-after-free flaw has been found in the print preview component of
the Chromium browser.
- CVE-2017-5074 (arbitrary code execution)
A use-after-free flaw has been found in the Apps Bluetooth component of
the Chromium browser.
- CVE-2017-5075 (information disclosure)
An information leak flaw has been found in the CSP reporting component
of the Chromium browser.
- CVE-2017-5076 (content spoofing)
An address spoofing flaw has been found in the Omnibox component of the
Chromium browser.
- CVE-2017-5077 (arbitrary code execution)
A heap buffer overflow flaw was found in the Skia component of the
Chromium browser.
- CVE-2017-5078 (arbitrary command execution)
A possible command injection flaw has been found in the mailto handling
component of the Chromium browser.
- CVE-2017-5079 (content spoofing)
A UI spoofing flaw has been found in the Blink component of the
Chromium browser.
- CVE-2017-5080 (arbitrary code execution)
A use-after-free flaw has been found in the credit card autofill
component of the Chromium browser.
- CVE-2017-5081 (authentication bypass)
A extension verification bypass has been found in the Chromium browser.
- CVE-2017-5082 (insufficient validation)
An insufficient hardening flaw has been found in the credit card editor
component of the Chromium browser.
- CVE-2017-5083 (content spoofing)
A UI spoofing flaw has been found in the Blink component of the
Chromium browser.
- CVE-2017-5085 (cross-site scripting)
A security issue has been found in the Chromium browser, where
javascript is inappropriately executed on WebUI pages
- CVE-2017-5086 (content spoofing)
An address spoofing flaw has been found in the Omnibox component of the
Chromium browser.
Resolution
Upgrade to 59.0.3071.86-1.
# pacman -Syu "chromium>=59.0.3071.86-1"
The problems have been fixed upstream in version 59.0.3071.86.
References
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://bugs.chromium.org/p/chromium/issues/detail?id=722756 https://bugs.chromium.org/p/chromium/issues/detail?id=715582 https://bugs.chromium.org/p/chromium/issues/detail?id=709417 https://bugs.chromium.org/p/chromium/issues/detail?id=716474 https://bugs.chromium.org/p/chromium/issues/detail?id=700040 https://bugs.chromium.org/p/chromium/issues/detail?id=678776 https://bugs.chromium.org/p/chromium/issues/detail?id=719199 https://bugs.chromium.org/p/chromium/issues/detail?id=716311 https://bugs.chromium.org/p/chromium/issues/detail?id=711020 https://bugs.chromium.org/p/chromium/issues/detail?id=713686 https://bugs.chromium.org/p/chromium/issues/detail?id=708819 https://bugs.chromium.org/p/chromium/issues/detail?id=672008 https://bugs.chromium.org/p/chromium/issues/detail?id=721579 https://bugs.chromium.org/p/chromium/issues/detail?id=714849 https://bugs.chromium.org/p/chromium/issues/detail?id=692378 https://bugs.chromium.org/p/chromium/issues/detail?id=722639 https://security.archlinux.org/CVE-2017-5070 https://security.archlinux.org/CVE-2017-5071 https://security.archlinux.org/CVE-2017-5072 https://security.archlinux.org/CVE-2017-5073 https://security.archlinux.org/CVE-2017-5074 https://security.archlinux.org/CVE-2017-5075 https://security.archlinux.org/CVE-2017-5076 https://security.archlinux.org/CVE-2017-5077 https://security.archlinux.org/CVE-2017-5078 https://security.archlinux.org/CVE-2017-5079 https://security.archlinux.org/CVE-2017-5080 https://security.archlinux.org/CVE-2017-5081 https://security.archlinux.org/CVE-2017-5082 https://security.archlinux.org/CVE-2017-5083 https://security.archlinux.org/CVE-2017-5085 https://security.archlinux.org/CVE-2017-5086
Workaround
None.