Debian Security Advisory
DSA-3376-1 chromium-browser -- security update
- Date Reported:
- 20 Oct 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-1303, CVE-2015-1304, CVE-2015-6755, CVE-2015-6756, CVE-2015-6757, CVE-2015-6758, CVE-2015-6759, CVE-2015-6760, CVE-2015-6761, CVE-2015-6762, CVE-2015-6763.
- More information:
Several vulnerabilities have been discovered in the chromium web browser.
Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the DOM implementation.
Mariusz Mlynski discovered a way to bypass the Same Origin Policy in blink/webkit.
A use-after-free issue was found in the pdfium library.
Collin Payne found a use-after-free issue in the ServiceWorker implementation.
Atte Kettunen found an issue in the pdfium library.
Muneaki Nishimura discovered an information leak.
Ronald Crane discovered a logic error in the ANGLE library involving lost device events.
Aki Helin and Khalil Zhani discovered a memory corruption issue in the ffmpeg library.
Muneaki Nishimura discovered a way to bypass the Same Origin Policy in the CSS implementation.
For the stable distribution (jessie), these problems have been fixed in version 46.0.2490.71-1~deb8u1.
For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 46.0.2490.71-1.
We recommend that you upgrade your chromium-browser packages.