Security Information / 2016 / Security Information -- DSA-3594-1 chromium-browser

Debian Security Advisory

DSA-3594-1 chromium-browser -- security update

Date Reported:

04 Jun 2016

Affected Packages:

chromium-browser

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-1696, CVE-2016-1697, CVE-2016-1698, CVE-2016-1699, CVE-2016-1700, CVE-2016-1701, CVE-2016-1702, CVE-2016-1703.

More information:

Several vulnerabilities have been discovered in the chromium web browser.

• CVE-2016-1696

  A cross-origin bypass was found in the bindings to extensions.

• CVE-2016-1697

  Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit.

• CVE-2016-1698

  Rob Wu discovered an information leak.

• CVE-2016-1699

  Gregory Panakkal discovered an issue in the Developer Tools feature.

• CVE-2016-1700

  Rob Wu discovered a use-after-free issue in extensions.

• CVE-2016-1701

  Rob Wu discovered a use-after-free issue in the autofill feature.

• CVE-2016-1702

  cloudfuzzer discovered an out-of-bounds read issue in the skia library.

For the stable distribution (jessie), these problems have been fixed in version 51.0.2704.79-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 51.0.2704.79-1.

We recommend that you upgrade your chromium-browser packages.