ArchLinux: 201710-27: chromium: multiple issues
Summary
- CVE-2017-15386 (content spoofing)
A UI spoofing issue has been found in the Blink component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-15387 (access restriction bypass)
A content security bypass has been found in the Chromium browser <
62.0.3202.62.
- CVE-2017-15388 (information disclosure)
An out-of-bounds read has been found in the Skia component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-15389 (content spoofing)
A URL spoofing issue has been found in the Omnibox component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-15390 (content spoofing)
A URL spoofing issue has been found in the Omnibox component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-15391 (access restriction bypass)
An extension limitation bypass has been found in the Extensions
component of the Chromium browser < 62.0.3202.62.
- CVE-2017-15392 (access restriction bypass)
An incorrect registry key handling issue has been found in the
PlatformIntegration component of the Chromium browser < 62.0.3202.62.
- CVE-2017-15393 (information disclosure)
A referrer leak has been found in the Devtools component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-15394 (content spoofing)
A URL spoofing flaw has been found in the extensions UI of the Chromium
browser < 62.0.3202.62.
- CVE-2017-15395 (denial of service)
A null-pointer dereference flaw has been found in the ImageCapture
component of the Chromium browser < 62.0.3202.62.
- CVE-2017-5124 (cross-site scripting)
A universal XSS flaw has been found in the MHTML component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-5125 (arbitrary code execution)
A heap overflow security issue has been found in the Skia component of
the Chromium browser < 62.0.3202.62.
- CVE-2017-5126 (arbitrary code execution)
A use-after-free security issue has been found in the PDFium component
of the Chromium browser < 62.0.3202.62.
- CVE-2017-5127 (arbitrary code execution)
A use-after-free security issue has been found in the PDFium component
of the Chromium browser < 62.0.3202.62.
- CVE-2017-5128 (arbitrary code execution)
A heap overflow security issue has been found in the WebGL component of
the Chromium browser < 62.0.3202.62.
- CVE-2017-5129 (arbitrary code execution)
A use-after-free security issue has been found in the WebAudio
component of the Chromium browser < 62.0.3202.62.
- CVE-2017-5130 (arbitrary code execution)
A heap overflow security issue has been found in libxml2.
- CVE-2017-5131 (arbitrary code execution)
An out-of-bounds write has been found in the Skia component of the
Chromium browser < 62.0.3202.62.
- CVE-2017-5132 (arbitrary code execution)
An incorrect stack manipulation security issue has been found in the
WebAssembly component of the Chromium browser < 62.0.3202.62.
- CVE-2017-5133 (arbitrary code execution)
An out-of-bounds write has been found in the Skia component of the
Chromium browser < 62.0.3202.62.
Resolution
Upgrade to 62.0.3202.62-1.
# pacman -Syu "chromium>=62.0.3202.62-1"
The problems have been fixed upstream in version 62.0.3202.62.
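To confirm the upgrade landed, compare the installed package version with the fixed version above. The script below is an added example, not part of the original advisory; the "host version" inventory format and the host names in SAMPLE are constructed for illustration, and the sort -V fallback is an approximation used only where pacman's vercmp is unavailable.

```shell
#!/bin/sh
# Fixed package version, taken from the advisory's Resolution section.
FIXED="62.0.3202.62-1"

# pkg_cmp A B: print -1, 0 or 1 as A is older than, equal to, or newer than B.
# Uses pacman's own vercmp when present; otherwise falls back to GNU sort -V,
# which is adequate for plain dotted versions without an epoch (assumption).
pkg_cmp() {
    if command -v vercmp >/dev/null 2>&1; then
        vercmp "$1" "$2"
        return
    fi
    if [ "$1" = "$2" ]; then echo 0; return; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    if [ "$lowest" = "$1" ]; then echo -1; else echo 1; fi
}

# chromium_status VERSION: print "vulnerable" if VERSION predates FIXED.
chromium_status() {
    if [ "$(pkg_cmp "$1" "$FIXED")" -lt 0 ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# audit_inventory: read "host version" lines on stdin (for example gathered
# with `pacman -Q chromium` on each host) and print hosts still affected.
audit_inventory() {
    while read -r host ver; do
        if [ -n "$host" ] && [ "$(chromium_status "$ver")" = vulnerable ]; then
            echo "$host $ver"
        fi
    done
    return 0
}

# Constructed sample inventory (not real hosts). ws-03 shows why a plain
# string comparison is wrong: "3202.9" sorts after "3202.62" lexically.
SAMPLE='ws-01 61.0.3163.100-1
ws-02 62.0.3202.62-1
ws-03 62.0.3202.9-1
ws-04 63.0.3239.84-1'

# On an Arch host, also report the locally installed package.
if command -v pacman >/dev/null 2>&1; then
    v=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    if [ -n "$v" ]; then echo "local chromium $v: $(chromium_status "$v")"; fi
fi
printf '%s\n' "$SAMPLE" | audit_inventory
```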
References
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail
https://security.archlinux.org/CVE-2017-15386
https://security.archlinux.org/CVE-2017-15387
https://security.archlinux.org/CVE-2017-15388
https://security.archlinux.org/CVE-2017-15389
https://security.archlinux.org/CVE-2017-15390
https://security.archlinux.org/CVE-2017-15391
https://security.archlinux.org/CVE-2017-15392
https://security.archlinux.org/CVE-2017-15393
https://security.archlinux.org/CVE-2017-15394
https://security.archlinux.org/CVE-2017-15395
https://security.archlinux.org/CVE-2017-5124
https://security.archlinux.org/CVE-2017-5125
https://security.archlinux.org/CVE-2017-5126
https://security.archlinux.org/CVE-2017-5127
https://security.archlinux.org/CVE-2017-5128
https://security.archlinux.org/CVE-2017-5129
https://security.archlinux.org/CVE-2017-5130
https://security.archlinux.org/CVE-2017-5131
https://security.archlinux.org/CVE-2017-5132
https://security.archlinux.org/CVE-2017-5133
Workaround
None.