chromium: multiple issues

2016-12-03T00:00:00
ID ASA-201612-3
Type archlinux
Reporter Arch Linux
Modified 2016-12-03T00:00:00

Description

  • CVE-2016-5203 (arbitrary code execution)

An use after free flaw was found in the PDFium component of the Chromium browser.

  • CVE-2016-5204 (cross-site scripting)

An universal XSS flaw was found in the Blink component of the Chromium browser.

  • CVE-2016-5205 (cross-site scripting)

An universal XSS flaw was found in the Blink component of the Chromium browser.

  • CVE-2016-5206 (same-origin policy bypass)

A same-origin bypass flaw was found in the PDFium component of the Chromium browser.

  • CVE-2016-5207 (cross-site scripting)

An universal XSS flaw was found in the Blink component of the Chromium browser.

  • CVE-2016-5208 (cross-site scripting)

An universal XSS flaw was found in the Blink component of the Chromium browser.

  • CVE-2016-5209 (arbitrary code execution)

An out of bounds write flaw was found in the Blink component of the Chromium browser.

  • CVE-2016-5210 (arbitrary code execution)

An out of bounds write flaw was found in the PDFium component of the Chromium browser.

  • CVE-2016-5211 (arbitrary code execution)

An use after free flaw was found in the PDFium component of the Chromium browser.

  • CVE-2016-5212 (arbitrary filesystem access)

A local file disclosure flaw was found in the DevTools component of the Chromium browser.

  • CVE-2016-5213 (arbitrary code execution)

An use after free flaw was found in the V8 component of the Chromium browser.

  • CVE-2016-5214 (insufficient validation)

A file download protection bypass was discovered in the Chromium browser.

  • CVE-2016-5215 (arbitrary code execution)

An use after free flaw was found in the Webaudio component of the Chromium browser.

  • CVE-2016-5216 (arbitrary code execution)

An use after free flaw was found in the PDFium component of the Chromium browser.

  • CVE-2016-5217 (insufficient validation)

An use of unvalidated data flaw was found in the PDFium component of the Chromium browser.

  • CVE-2016-5218 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the Chromium browser.

  • CVE-2016-5219 (arbitrary code execution)

An use after free flaw was found in the V8 component of the Chromium browser.

  • CVE-2016-5220 (arbitrary filesystem access)

A local file access flaw was found in the PDFium component of the Chromium browser.

  • CVE-2016-5221 (arbitrary code execution)

An integer overflow flaw was found in the ANGLE component of the Chromium browser.

  • CVE-2016-5222 (content spoofing)

An address spoofing flaw was found in the Omnibox component of the Chromium browser.

  • CVE-2016-5223 (arbitrary code execution)

An integer overflow flaw was found in the PDFium component of the Chromium browser.

  • CVE-2016-5224 (same-origin policy bypass)

A same-origin bypass flaw was found in the SVG component of the Chromium browser.

  • CVE-2016-5225 (access restriction bypass)

A CSP bypass flaw was found in the Blink component of the Chromium browser.

  • CVE-2016-5226 (cross-site scripting)

A limited XSS flaw was found in the Blink component of the Chromium browser.

  • CVE-2016-9650 (information disclosure)

A CSP referrer disclosure vulnerability has been discovered in the Chromium browser.

  • CVE-2016-9651 (access restriction bypass)

A private property access flaw was found in the V8 component of the Chromium browser.

  • CVE-2016-9652 (arbitrary code execution)

Various fixes from internal audits, fuzzing and other initiatives.