Security Information / 2016 / Security Information -- DSA-3645-1 chromium-browser

Debian Security Advisory

DSA-3645-1 chromium-browser -- security update

Date Reported:

09 Aug 2016

Affected Packages:

chromium-browser

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-5139, CVE-2016-5140, CVE-2016-5141, CVE-2016-5142, CVE-2016-5143, CVE-2016-5144.

More information:

Several vulnerabilites have been discovered in the chromium web browser.

• CVE-2016-5139

  GiWan Go discovered a use-after-free issue in the pdfium library.

• CVE-2016-5140

  Ke Liu discovered a use-after-free issue in the pdfium library.

• CVE-2016-5141

  Sergey Glazunov discovered a URL spoofing issue.

• CVE-2016-5142

  Sergey Glazunov discovered a use-after-free issue.

• CVE-2016-5143

  Gregory Panakkal discovered an issue in the developer tools.

• CVE-2016-5144

  Gregory Panakkal discovered another issue in the developer tools.

• CVE-2016-5146

  The chrome development team found and fixed various issues during internal auditing.

For the stable distribution (jessie), these problems have been fixed in version 52.0.2743.116-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 52.0.2743.116-1.

We recommend that you upgrade your chromium-browser packages.