Debian Security Advisory

DSA-4064-1 chromium-browser -- security update

Date Reported:
12 Dec 2017
Affected Packages:
chromium-browser
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2017-15407, CVE-2017-15408, CVE-2017-15409, CVE-2017-15410, CVE-2017-15411, CVE-2017-15413, CVE-2017-15415, CVE-2017-15416, CVE-2017-15417, CVE-2017-15418, CVE-2017-15419, CVE-2017-15420, CVE-2017-15423, CVE-2017-15424, CVE-2017-15425, CVE-2017-15426, CVE-2017-15427.
More information:

Several vulnerabilities have been discovered in the chromium web browser.

  • CVE-2017-15407

    Ned Williamson discovered an out-of-bounds write issue.

  • CVE-2017-15408

    Ke Liu discovered a heap overflow issue in the pdfium library.

  • CVE-2017-15409

    An out-of-bounds write issue was discovered in the skia library.

  • CVE-2017-15410

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

  • CVE-2017-15411

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

  • CVE-2017-15413

    Gaurav Dewan discovered a type confusion issue.

  • CVE-2017-15415

    Viktor Brange discovered an information disclosure issue.

  • CVE-2017-15416

    Ned Williamson discovered an out-of-bounds read issue.

  • CVE-2017-15417

    Max May discovered an information disclosure issue in the skia library.

  • CVE-2017-15418

    Kushal Arvind Shah discovered an uninitialized value in the skia library.

  • CVE-2017-15419

    Jun Kokatsu discovered an information disclosure issue.

  • CVE-2017-15420

    WenXu Wu discovered a URL spoofing issue.

  • CVE-2017-15423

    Greg Hudson discovered an issue in the boringssl library.

  • CVE-2017-15424

    Khalil Zhani discovered a URL spoofing issue.

  • CVE-2017-15425

    xisigr discovered a URL spoofing issue.

  • CVE-2017-15426

    WenXu Wu discovered a URL spoofing issue.

  • CVE-2017-15427

    Junaid Farhan discovered an issue with the omnibox.

For the stable distribution (stretch), these problems have been fixed in version 63.0.3239.84-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser