Advisories ยป MGASA-2016-0214

Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 02 Jun 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1672 , CVE-2016-1673 , CVE-2016-1674 , CVE-2016-1675 , CVE-2016-1676 , CVE-2016-1677 , CVE-2016-1678 , CVE-2016-1679 , CVE-2016-1680 , CVE-2016-1681 , CVE-2016-1682 , CVE-2016-1685 , CVE-2016-1686 , CVE-2016-1687 , CVE-2016-1688 , CVE-2016-1689 , CVE-2016-1690 , CVE-2016-1691 , CVE-2016-1692 , CVE-2016-1694 , CVE-2016-1695


Chromium-browser-stable 51.0.2704.63 fixes security issues:

cross-origin bypass problems in extensions bindings (CVE-2016-1672 and 
CVE-2016-1676), blink (CVE-2016-1673 and CVE-2016-1675), and extensions 

heap use-after free bugs in V8 bindings (CVE-2016-1679), Skia (CVE-2016-1680), 
and Autofill (CVE-2016-1690)

heap buffer overflows in V8 (CVE-2016-1678), PDFium (CVE-2016-1681), media 
(CVE-2016-1689), and Skia (CVE-2016-1691)

out-of-bounds read errors in PDFium (CVE-2016-1685 and CVE-2016-1686) and V8 

type confusion in V8 (CVE-2016-1677), a CSP bypass for ServiceWorker 
(CVE-2016-1682), an information leak in extensions (CVE-2016-1687), a limited 
cross-origin bypass in ServiceWorker (CVE-2016-1692), and HPKP pins removed on 
cache clearance (CVE-2016-1694)

various fixes from upstream's internal audits, fuzzing, and other initiatives