- -------------------------------------------------------------------------
Debian Security Advisory DSA-3267-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
May 22, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254
CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258
CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262
CVE-2015-1263 CVE-2015-1264 CVE-2015-1265
Several vulnerabilities were discovered in the chromium web browser.
CVE-2015-1251
SkyLined discovered a use-after-free issue in speech recognition.
CVE-2015-1252
An out-of-bounds write issue was discovered that could be used to
escape from the sandbox.
CVE-2015-1253
A cross-origin bypass issue was discovered in the DOM parser.
CVE-2015-1254
A cross-origin bypass issue was discovered in the DOM editing feature.
CVE-2015-1255
Khalil Zhani discovered a use-after-free issue in WebAudio.
CVE-2015-1256
Atte Kettunen discovered a use-after-free issue in the SVG
implementation.
CVE-2015-1257
miaubiz discovered an overflow issue in the SVG implementation.
CVE-2015-1258
cloudfuzzer discovered an invalid size parameter used in the
libvpx library.
CVE-2015-1259
Atte Kettunen discovered an uninitialized memory issue in the
pdfium library.
CVE-2015-1260
Khalil Zhani discovered multiple use-after-free issues in chromium's
interface to the WebRTC library.
CVE-2015-1261
Juho Nurminen discovered a URL bar spoofing issue.
CVE-2015-1262
miaubiz discovered the use of an uninitialized class member in
font handling.
CVE-2015-1263
Mike Ruddy discovered that downloading the spellcheck dictionary
was not done over HTTPS.
CVE-2015-1264
K0r3Ph1L discovered a cross-site scripting issue that could be
triggered by bookmarking a site.
CVE-2015-1265
The chrome 43 development team found and fixed various issues
during internal auditing. Also multiple issues were fixed in
the libv8 library, version 4.3.61.21.
For the stable distribution (jessie), these problems have been fixed in
version 43.0.2357.65-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 43.0.2357.65-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Debian: DSA-3267-1: chromium-browser security update
May 22, 2015
Several vulnerabilities were discovered in the chromium web browser
Summary
CVE-2015-1251
SkyLined discovered a use-after-free issue in speech recognition.
CVE-2015-1252
An out-of-bounds write issue was discovered that could be used to
escape from the sandbox.
CVE-2015-1253
A cross-origin bypass issue was discovered in the DOM parser.
CVE-2015-1254
A cross-origin bypass issue was discovered in the DOM editing feature.
CVE-2015-1255
Khalil Zhani discovered a use-after-free issue in WebAudio.
CVE-2015-1256
Atte Kettunen discovered a use-after-free issue in the SVG
implementation.
CVE-2015-1257
miaubiz discovered an overflow issue in the SVG implementation.
CVE-2015-1258
cloudfuzzer discovered an invalid size parameter used in the
libvpx library.
CVE-2015-1259
Atte Kettunen discovered an uninitialized memory issue in the
pdfium library.
CVE-2015-1260
Khalil Zhani discovered multiple use-after-free issues in chromium's
interface to the WebRTC library.
CVE-2015-1261
Juho Nurminen discovered a URL bar spoofing issue.
CVE-2015-1262
miaubiz discovered the use of an uninitialized class member in
font handling.
CVE-2015-1263
Mike Ruddy discovered that downloading the spellcheck dictionary
was not done over HTTPS.
CVE-2015-1264
K0r3Ph1L discovered a cross-site scripting issue that could be
triggered by bookmarking a site.
CVE-2015-1265
The chrome 43 development team found and fixed various issues
during internal auditing. Also multiple issues were fixed in
the libv8 library, version 4.3.61.21.
For the stable distribution (jessie), these problems have been fixed in
version 43.0.2357.65-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 43.0.2357.65-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Severity
Several vulnerabilities were discovered in the chromium web browser.
News
HOWTOs
About Us
Powered By
