Debian Security Advisory
DSA-3456-1 chromium-browser -- security update
- Date Reported:
- 27 Jan 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-6792, CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615, CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620.
- More information:
Several vulnerabilities were discovered in the chromium web browser.
An issue was found in the handling of MIDI files.
A use-after-free issue was discovered in the pdfium library.
Christoph Diehl discovered an information leak in Webkit/Blink.
Ron Masas discovered a way to spoof URLs.
Luan Herrera discovered a way to spoof URLs.
jenuis discovered a way to discover whether an HSTS web site had been visited.
Aaron Toponce discovered the use of weak random number generator.
Keve Nagy discovered an out-of-bounds-read issue in the pdfium library.
For the stable distribution (jessie), these problems have been fixed in version 48.0.2564.82-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 48.0.2564.82-1.
We recommend that you upgrade your chromium-browser packages.