chromium -- multiple vulnerabilities


Google Chrome Releases reports: 48 security fixes in this release, including: [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab [613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team [616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski [617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski [618237] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous [620553] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar [623378] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer [607543] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly [613626] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor [593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone [605451] Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to kingxwy [625393] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu [625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives.

Affected Package

OS OS Version Package Name Package Version
FreeBSD any chromium 52.0.2743.82
FreeBSD any chromium-npapi 52.0.2743.82
FreeBSD any chromium-pulse 52.0.2743.82