chromium: multiple issues

2015-12-02T00:00:00
ID ASA-201512-1
Type archlinux
Reporter Arch Linux
Modified 2015-12-02T00:00:00

Description

  • CVE-2015-6764:

Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own.

  • CVE-2015-6765, CVE-2015-6766, CVE-2015-6767:

Use-after-free in AppCache.

  • CVE-2015-6768, CVE-2015-6770, CVE-2015-6772:

Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

  • CVE-2015-6769:

Cross-origin bypass in core. Credit to Mariusz Mlynski.

  • CVE-2015-6771:

Out of bounds access in v8.

  • CVE-2015-6773:

Out of bounds access in Skia. Credit to cloudfuzzer.

  • CVE-2015-6774:

Use-after-free in Extensions.

  • CVE-2015-6775:

Type confusion in PDFium. Credit to Atte Kettunen of OUSPG.

  • CVE-2015-6776:

Out of bounds access in PDFium. Credit to Hanno Böck.

  • CVE-2015-6777:

Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team.

  • CVE-2015-6778:

Out of bounds access in PDFium. Credit to Karl Skomski.

  • CVE-2015-6779:

Scheme bypass in PDFium. Credit to Til Jasper Ullrich.

  • CVE-2015-6780:

Use-after-free in Infobars. Credit to Khalil Zhani.

  • CVE-2015-6781:

Integer overflow in Sfntly. Credit to miaubiz.

  • CVE-2015-6782:

Content spoofing in Omnibox. Credit to Luan Herrera.

  • CVE-2015-6784:

Escaping issue in saved pages. Credit to Inti De Ceukelaire.

  • CVE-2015-6785:

Wildcard matching issue in CSP. Credit to Michael Ficarra / Shape Security.

  • CVE-2015-6786:

Scheme bypass in CSP. Credit to Michael Ficarra / Shape Security.

  • CVE-2015-6787:

Various fixes from internal audits, fuzzing and other initiatives.