chromium -- multiple vulnerabilities

2015-12-01T00:00:00
ID 548F74BD-993C-11E5-956B-00262D5ED8EE
Type freebsd
Reporter FreeBSD
Modified 2015-12-01T00:00:00

Description

Google Chrome Releases reports:

41 security fixes in this release, including:

[558589] Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous. [551044] High CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous. [554908] High CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous. [556724] High CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. [534923] High CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski. [541206] High CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. [544991] High CVE-2015-6771: Out of bounds access in v8. Credit to anonymous. [546545] High CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. [554946] High CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own. [491660] High CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer. [549251] High CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous. [529012] High CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen of OUSPG. [457480] High CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Böck. [544020] High CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team. [514891] Medium CVE-2015-6778: Out of bounds access in PDFium. Credit to Karl Skomski. [528505] Medium CVE-2015-6779: Scheme bypass in PDFium. Credit to Til Jasper Ullrich. [490492] Medium CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani. [497302] Medium CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz. [536652] Medium CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera. [537205] Medium CVE-2015-6783: Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski. [503217] Low CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire. [534542] Low CVE-2015-6785: Wildcard matching issue in CSP. Credit to Michael Ficarra / Shape Security. [534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to Michael Ficarra / Shape Security. [563930] CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives. Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23).