Debian Security Advisory
DSA-3926-1 chromium-browser -- security update
- Date Reported:
- 04 Aug 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-5087, CVE-2017-5088, CVE-2017-5089, CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000.
- More information:
Several vulnerabilities have been discovered in the chromium web browser.
Ned Williamson discovered a way to escape the sandbox.
Michal Bentkowski discovered a spoofing issue.
Ned Williamson discovered a use-after-free issue in IndexedDB.
Yu Zhou discovered a use-after-free issue in PPAPI.
Luan Herrera discovered a user interface spoofing issue.
A type confusion issue was discovered in extensions.
An out-of-bounds write issue was discovered in the pdfium library.
An out-of-bounds read issue was discovered in the skia library.
Yuan Deng discovered an out-of-bounds write issue in PPAPI.
A use-after-free issue was discovered in Chrome Apps.
Luan Herrera discovered a URL spoofing issue.
An uninitialized variable was discovered in the skia library.
Another uninitialized variable was discovered in the skia library.
Khalil Zhani discovered a user interface spoofing issue.
Rayyan Bijoora discovered a URL spoofing issue.
Jack Zac discovered a URL spoofing issue.
David Kohlbrenner discovered an information leak in SVG file handling.
Guang Gong discovered a type confusion issue in the pdfium library.
Jose Maria Acuna Morgado discovered a user interface spoofing issue.
xisigr discovered a way to spoof the payments dialog.
Chaitin Security Research Lab discovered an information disclosure issue in the sqlite library.
For the stable distribution (stretch), these problems have been fixed in version 60.0.3112.78-1~deb9u1.
For the unstable distribution (sid), these problems have been fixed in version 60.0.3112.78-1 or earlier versions.
We recommend that you upgrade your chromium-browser packages.