Lucene search

K
debianDebianDEBIAN:DSA-3486-1:FE2FC
HistoryFeb 21, 2016 - 9:56 p.m.

[SECURITY] [DSA 3486-1] chromium-browser security update

2016-02-2121:56:37
lists.debian.org
11

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C


Debian Security Advisory DSA-3486-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
February 21, 2016 https://www.debian.org/security/faq


Package : chromium-browser
CVE ID : CVE-2016-1622 CVE-2016-1623 CVE-2016-1624 CVE-2016-1625
CVE-2016-1626 CVE-2016-1627 CVE-2016-1628 CVE-2016-1629

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1622

It was discovered that a maliciously crafted extension could bypass
the Same Origin Policy.

CVE-2016-1623

Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

CVE-2016-1624

lukezli discovered a buffer overflow issue in the Brotli library.

CVE-2016-1625

Jann Horn discovered a way to cause the Chrome Instant feature to
navigate to unintended destinations.

CVE-2016-1626

An out-of-bounds read issue was discovered in the openjpeg library.

CVE-2016-1627

It was discovered that the Developer Tools did not validate URLs.

CVE-2016-1628

An out-of-bounds read issue was discovered in the pdfium library.

CVE-2016-1629

A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
along with a way to escape the chromium sandbox.

For the stable distribution (jessie), these problems have been fixed in
version 48.0.2564.116-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 48.0.2564.116-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for DEBIAN:DSA-3486-1:FE2FC