Debian Security Advisory
DSA-3810-1 chromium-browser -- security update
- Date Reported: 15 Mar 2017
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5038, CVE-2017-5039, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046.
- More information:
Several vulnerabilities have been discovered in the chromium web browser.
Holger Fuhrmannek discovered an integer overflow issue in the libxslt library.
Looben Yang discovered a use-after-free issue in the ANGLE library.
Ashfaq Ansari discovered an out-of-bounds write in the pdfium library.
Nicolai Grødum discovered a way to bypass the Content Security Policy.
Ke Liu discovered an integer overflow issue in the pdfium library.
Enzo Aguado discovered an issue with the omnibox.
A use-after-free issue was discovered in the pdfium library.
Yongke Wang discovered multiple out-of-bounds write issues.
A use-after-free issue was discovered in the guest view.
jinmo123 discovered a use-after-free issue in the pdfium library.
Jordi Chancel discovered an address spoofing issue.
Mike Ruddy discovered incorrect handling of cookies.
Another use-after-free issue was discovered in the guest view.
Kushal Arvind Shah discovered a heap overflow issue in the skia library.
Dhaval Kapil discovered an information disclosure issue.
Masato Kinugawa discovered an information disclosure issue.
For the stable distribution (jessie), these problems have been fixed in version 57.0.2987.98-1~deb8u1.
For the upcoming stable (stretch) and unstable (sid) distributions, these problems have been fixed in version 57.0.2987.98-1.
We recommend that you upgrade your chromium-browser packages.