Debian Security Advisory
DSA-3594-1 chromium-browser -- security update
- Date Reported:
- 04 Jun 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-1696, CVE-2016-1697, CVE-2016-1698, CVE-2016-1699, CVE-2016-1700, CVE-2016-1701, CVE-2016-1702, CVE-2016-1703.
- More information:
Several vulnerabilities have been discovered in the chromium web browser.
A cross-origin bypass was found in the bindings to extensions.
Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit.
Rob Wu discovered an information leak.
Gregory Panakkal discovered an issue in the Developer Tools feature.
Rob Wu discovered a use-after-free issue in extensions.
Rob Wu discovered a use-after-free issue in the autofill feature.
cloudfuzzer discovered an out-of-bounds read issue in the skia library.
For the stable distribution (jessie), these problems have been fixed in version 51.0.2704.79-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 51.0.2704.79-1.
We recommend that you upgrade your chromium-browser packages.