chromium -- multiple vulnerabilities


Google Chrome Releases reports: 45 new security fixes, including: [456518] High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. [313939] Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. [461191] High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani. [445808] High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer. [463599] Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil. [418402] Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems. [460917] High CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com. [455215] Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy. [444957] Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani. [437399] Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG. [429838] Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn. [380663] Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam). [476786] CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives. Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently

Affected Package

OS OS Version Package Name Package Version
FreeBSD any chromium 42.0.2311.90
FreeBSD any chromium-npapi 42.0.2311.90
FreeBSD any chromium-pulse 42.0.2311.90