Advisories » MGASA-2015-0141

Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 09 Apr 2015
Modification date: 09 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1233 , CVE-2015-1234

Description

Updated chromium-browser-stable packages fix security vulnerabilities:

Google Chrome before 41.0.2272.118 does not properly handle the interaction of
IPC, the Gamepad API, and Google V8, which allows remote attackers to execute
arbitrary code via unspecified vectors (CVE-2015-1233).

Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google
Chrome before 41.0.2272.118 allows remote attackers to cause a denial of
service (buffer overflow) or possibly have unspecified other impact by
manipulating OpenGL ES commands (CVE-2015-1234).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15611
• http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1233
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1234

SRPMS

4/core

• chromium-browser-stable-41.0.2272.118-1.mga4