Severity: Critical
Date : 2017-04-20
CVE-ID : CVE-2017-5057 CVE-2017-5058 CVE-2017-5059 CVE-2017-5060
CVE-2017-5061 CVE-2017-5062 CVE-2017-5063 CVE-2017-5064
CVE-2017-5065 CVE-2017-5066 CVE-2017-5067 CVE-2017-5069
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-250
The package chromium before version 58.0.3029.81-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
incorrect calculation and same-origin policy bypass.
Upgrade to 58.0.3029.81-1.
The problems have been fixed upstream in version 58.0.3029.81.
None.
A type confusion issue has been found in the PDFium component of the
Chromium browser.
A heap use after free issue has been found in the Print Preview
component of the Chromium browser.
A type confusion issue has been found in the Blink component of the
Chromium browser.
A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.
A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.
A use after free issue has been found in the Chrome Apps component of
the Chromium browser.
A heap overflow issue has been found in the Skia component of the
Chromium browser.
A use after free flaw has been found in the Blink component of the
Chromium browser.
An incorrect UI issue has been found in the Blink component of the
Chromium browser.
An incorrect signature handing issue has been found in the Networking
component of the Chromium browser.
A URL spoofing issue has been found in the Omnibox component of the
Chromium browser.
A cross-origin bypass issue has been found in the Blink component of
the Chromium browser.
A remote attacker can spoof URL, bypass security checks and execute
arbitrary code on the affected host.
https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
https://crbug.com/695826
https://crbug.com/694382
https://crbug.com/684684
https://crbug.com/683314
https://crbug.com/672847
https://crbug.com/702896
https://crbug.com/700836
https://crbug.com/693974
https://crbug.com/704560
https://crbug.com/690821
https://crbug.com/648117
https://crbug.com/691726
https://security.archlinux.org/CVE-2017-5057
https://security.archlinux.org/CVE-2017-5058
https://security.archlinux.org/CVE-2017-5059
https://security.archlinux.org/CVE-2017-5060
https://security.archlinux.org/CVE-2017-5061
https://security.archlinux.org/CVE-2017-5062
https://security.archlinux.org/CVE-2017-5063
https://security.archlinux.org/CVE-2017-5064
https://security.archlinux.org/CVE-2017-5065
https://security.archlinux.org/CVE-2017-5066
https://security.archlinux.org/CVE-2017-5067
https://security.archlinux.org/CVE-2017-5069
chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
crbug.com/648117
crbug.com/672847
crbug.com/683314
crbug.com/684684
crbug.com/690821
crbug.com/691726
crbug.com/693974
crbug.com/694382
crbug.com/695826
crbug.com/700836
crbug.com/702896
crbug.com/704560
security.archlinux.org/AVG-250
security.archlinux.org/CVE-2017-5057
security.archlinux.org/CVE-2017-5058
security.archlinux.org/CVE-2017-5059
security.archlinux.org/CVE-2017-5060
security.archlinux.org/CVE-2017-5061
security.archlinux.org/CVE-2017-5062
security.archlinux.org/CVE-2017-5063
security.archlinux.org/CVE-2017-5064
security.archlinux.org/CVE-2017-5065
security.archlinux.org/CVE-2017-5066
security.archlinux.org/CVE-2017-5067
security.archlinux.org/CVE-2017-5069