Debian Security Advisory

DSA-3810-1 chromium-browser -- security update

Date Reported:
15 Mar 2017
Affected Packages:
chromium-browser
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5038, CVE-2017-5039, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046.
More information:

Several vulnerabilities have been discovered in the chromium web browser.

  • CVE-2017-5029

    Holger Fuhrmannek discovered an integer overflow issue in the libxslt library.

  • CVE-2017-5030

    Brendon Tiszka discovered a memory corruption issue in the v8 javascript library.

  • CVE-2017-5031

    Looben Yang discovered a use-after-free issue in the ANGLE library.

  • CVE-2017-5032

    Ashfaq Ansari discovered an out-of-bounds write in the pdfium library.

  • CVE-2017-5033

    Nicolai Grødum discovered a way to bypass the Content Security Policy.

  • CVE-2017-5034

    Ke Liu discovered an integer overflow issue in the pdfium library.

  • CVE-2017-5035

    Enzo Aguado discovered an issue with the omnibox.

  • CVE-2017-5036

    A use-after-free issue was discovered in the pdfium library.

  • CVE-2017-5037

    Yongke Wang discovered multiple out-of-bounds write issues.

  • CVE-2017-5038

    A use-after-free issue was discovered in the guest view.

  • CVE-2017-5039

    jinmo123 discovered a use-after-free issue in the pdfium library.

  • CVE-2017-5040

    Choongwoo Han discovered an information disclosure issue in the v8 javascript library.

  • CVE-2017-5041

    Jordi Chancel discovered an address spoofing issue.

  • CVE-2017-5042

    Mike Ruddy discovered incorrect handling of cookies.

  • CVE-2017-5043

    Another use-after-free issue was discovered in the guest view.

  • CVE-2017-5044

    Kushal Arvind Shah discovered a heap overflow issue in the skia library.

  • CVE-2017-5045

    Dhaval Kapil discovered an information disclosure issue.

  • CVE-2017-5046

    Masato Kinugawa discovered an information disclosure issue.

For the stable distribution (jessie), these problems have been fixed in version 57.0.2987.98-1~deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions, these problems have been fixed in version 57.0.2987.98-1.

We recommend that you upgrade your chromium-browser packages.