ArchLinux: 201711-12: chromium: arbitrary code execution
Summary
- CVE-2017-15398 (arbitrary code execution)
A stack-based buffer overflow has been found in the QUIC component of
the Chromium browser before 62.0.3202.89.
- CVE-2017-15399 (arbitrary code execution)
A use-after-free has been found in the V8 component of the Chromium
browser before 62.0.3202.89.
Resolution
Upgrade to 62.0.3202.89-1.
# pacman -Syu "chromium>=62.0.3202.89-1"
The problems have been fixed upstream in version 62.0.3202.89.
References
https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
https://bugs.chromium.org/p/chromium/issues/detail?id=777728
https://bugs.chromium.org/p/chromium/issues/detail?id=776677
https://security.archlinux.org/CVE-2017-15398
https://security.archlinux.org/CVE-2017-15399
Workaround
None.