chromium -- multiple vulnerabilities

2015-07-21T00:00:00
ID 9D732078-32C7-11E5-B263-00262D5ED8EE
Type freebsd
Reporter FreeBSD
Modified 2015-07-21T00:00:00

Description

Google Chrome Releases reports:

43 security fixes in this release, including:

[446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer. [459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft. [461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi. [462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team. [472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne. [483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon. [486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer. [487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa. [487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva. [492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa. [493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG. [504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous. [505374] High CVE-2015-1290: Memory corruption in V8. Credit to Yongjun Liu of NSFOCUS Security Team. [419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor. [444573] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG. [451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva. [479743] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined. [482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva. [498982] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes. [479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com. [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.