Security Information / 2015 / Security Information -- DSA-3351-1 chromium-browser

Debian Security Advisory

DSA-3351-1 chromium-browser -- security update

Date Reported:

03 Sep 2015

Affected Packages:

chromium-browser

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-1291, CVE-2015-1292, CVE-2015-1293, CVE-2015-1294, CVE-2015-1295, CVE-2015-1296, CVE-2015-1297, CVE-2015-1298, CVE-2015-1299, CVE-2015-1300, CVE-2015-1301.

More information:

Several vulnerabilities have been discovered in the chromium web browser.

• CVE-2015-1291

  A cross-origin bypass issue was discovered in DOM.

• CVE-2015-1292

  Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker.

• CVE-2015-1293

  Mariusz Mlynski discovered a cross-origin bypass issue in DOM.

• CVE-2015-1294

  cloudfuzzer discovered a use-after-free issue in the Skia graphics library.

• CVE-2015-1295

  A use-after-free issue was discovered in the printing component.

• CVE-2015-1296

  zcorpan discovered a character spoofing issue.

• CVE-2015-1297

  Alexander Kashev discovered a permission scoping error.

• CVE-2015-1298

  Rob Wu discovered an error validating the URL of extensions.

• CVE-2015-1299

  taro.suzuki.dev discovered a use-after-free issue in the Blink/WebKit library.

• CVE-2015-1300

  cgvwzq discovered an information disclosure issue in the Blink/WebKit library.

• CVE-2015-1301

  The chrome 45 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.5.103.29.

For the stable distribution (jessie), these problems have been fixed in version 45.0.2454.85-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed once the gcc-5 transition completes.

For the unstable distribution (sid), these problems have been fixed in version 45.0.2454.85-1.

We recommend that you upgrade your chromium-browser packages.