Lucene search

K
archlinuxArch LinuxASA-201512-1
HistoryDec 02, 2015 - 12:00 a.m.

chromium: multiple issues

2015-12-0200:00:00
Arch Linux
lists.archlinux.org
28

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.032 Low

EPSS

Percentile

90.1%

  • CVE-2015-6764:

Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own.

  • CVE-2015-6765, CVE-2015-6766, CVE-2015-6767:

Use-after-free in AppCache.

  • CVE-2015-6768, CVE-2015-6770, CVE-2015-6772:

Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

  • CVE-2015-6769:

Cross-origin bypass in core. Credit to Mariusz Mlynski.

  • CVE-2015-6771:

Out of bounds access in v8.

  • CVE-2015-6773:

Out of bounds access in Skia. Credit to cloudfuzzer.

  • CVE-2015-6774:

Use-after-free in Extensions.

  • CVE-2015-6775:

Type confusion in PDFium. Credit to Atte Kettunen of OUSPG.

  • CVE-2015-6776:

Out of bounds access in PDFium. Credit to Hanno Böck.

  • CVE-2015-6777:

Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team.

  • CVE-2015-6778:

Out of bounds access in PDFium. Credit to Karl Skomski.

  • CVE-2015-6779:

Scheme bypass in PDFium. Credit to Til Jasper Ullrich.

  • CVE-2015-6780:

Use-after-free in Infobars. Credit to Khalil Zhani.

  • CVE-2015-6781:

Integer overflow in Sfntly. Credit to miaubiz.

  • CVE-2015-6782:

Content spoofing in Omnibox. Credit to Luan Herrera.

  • CVE-2015-6784:

Escaping issue in saved pages. Credit to Inti De Ceukelaire.

  • CVE-2015-6785:

Wildcard matching issue in CSP. Credit to Michael Ficarra / Shape Security.

  • CVE-2015-6786:

Scheme bypass in CSP. Credit to Michael Ficarra / Shape Security.

  • CVE-2015-6787:

Various fixes from internal audits, fuzzing and other initiatives.

OSVersionArchitecturePackageVersionFilename
anyanyanychromium< 47.0.2526.73-1UNKNOWN

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.032 Low

EPSS

Percentile

90.1%