Debian Security Advisory

DSA-4064-1 chromium-browser -- security update

Date Reported:

12 Dec 2017

Affected Packages:

Vulnerable:

Yes

Security database references:

More information:

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2017-15407
Ned Williamson discovered an out-of-bounds write issue.
CVE-2017-15408
Ke Liu discovered a heap overflow issue in the pdfium library.
CVE-2017-15409
An out-of-bounds write issue was discovered in the skia library.
CVE-2017-15410
Luat Nguyen discovered a use-after-free issue in the pdfium library.
CVE-2017-15411
Luat Nguyen discovered a use-after-free issue in the pdfium library.
CVE-2017-15413
Gaurav Dewan discovered a type confusion issue.
CVE-2017-15415
Viktor Brange discovered an information disclosure issue.
CVE-2017-15416
Ned Williamson discovered an out-of-bounds read issue.
CVE-2017-15417
Max May discovered an information disclosure issue in the skia library.
CVE-2017-15418
Kushal Arvind Shah discovered an uninitialized value in the skia library.
CVE-2017-15419
Jun Kokatsu discoved an information disclosure issue.
CVE-2017-15420
WenXu Wu discovered a URL spoofing issue.
CVE-2017-15423
Greg Hudson discovered an issue in the boringssl library.
CVE-2017-15424
Khalil Zhani discovered a URL spoofing issue.
CVE-2017-15425
xisigr discovered a URL spoofing issue.
CVE-2017-15426
WenXu Wu discovered a URL spoofing issue.
CVE-2017-15427
Junaid Farhan discovered an issue with the omnibox.

For the stable distribution (stretch), these problems have been fixed in version 63.0.3239.84-1~deb9u1.

We recommend that you upgrade your chromium-browser packages.

For the detailed security status of chromium-browser please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium-browser