chromium: multiple issues

ID ASA-201605-7
Type archlinux
Reporter Arch Linux
Modified 2016-05-05T00:00:00


  • CVE-2016-1660:

Out-of-bounds write in Blink. Credit to Atte Kettunen of OUSPG.

  • CVE-2016-1661:

Memory corruption in cross-process frames. Credit to Wadih Matar.

  • CVE-2016-1662:

Use-after-free in extensions. Credit to Rob Wu.

  • CVE-2016-1663:

Use-after-free in Blink's V8 bindings. Credit to anonymous.

  • CVE-2016-1664:

Address bar spoofing. Credit to Wadih Matar.

  • CVE-2016-1665:

Information leak in V8. Credit to HyungSeok Han.

  • CVE-2016-1666:

Various fixes from internal audits, fuzzing and other initiatives.