chromium: multiple issues

ID ASA-201604-10
Type archlinux
Reporter Arch Linux
Modified 2016-04-17T00:00:00


  • CVE-2016-1651:

Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative.

  • CVE-2016-1652:

Universal XSS in extension bindings. Credit to anonymous.

  • CVE-2016-1653:

Out-of-bounds write in V8. Credit to Choongwoo Han.

  • CVE-2016-1654:

Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.

  • CVE-2016-1655:

Use-after-free related to extensions. Credit to Rob Wu.

  • CVE-2016-1657:

Address bar spoofing. Credit to Luan Herrera.

  • CVE-2016-1658:

Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.

  • CVE-2016-1659:

Various fixes from internal audits, fuzzing and other initiatives.