chromium: multiple issues

2015-02-06T00:00:00
ID ASA-201502-5
Type archlinux
Reporter Arch Linux
Modified 2015-02-06T00:00:00

Description

  • CVE-2015-1209 (use-after-free)

Use-after-free in DOM, possibly leading to arbitrary code execution. Credit to Maksymillian Motyl.

  • CVE-2015-1210 (cross-origin bypass)

Cross-origin-bypass in V8 bindings allows an attacker to bypass the same-origin policy.

  • CVE-2015-1211 (privilege escalation)

Privilege escalation using service workers.

  • CVE-2015-1212

Various fixes from internal audits, fuzzing and other initiatives, fixing unspecified vulnerabilities not disclosed by upstream.