Advisories ยป MGASA-2015-0164

Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 23 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1235 , CVE-2015-1236 , CVE-2015-1237 , CVE-2015-1238 , CVE-2015-1240 , CVE-2015-1241 , CVE-2015-1242 , CVE-2015-1244 , CVE-2015-1245 , CVE-2015-1246 , CVE-2015-1247 , CVE-2015-1248 , CVE-2015-1249 , CVE-2015-3333

Description

Chromium-browser 42.0.2311.90 fixes several security issues, among others a 
cross-origin-bypass in HTML parser (CVE-2015-1235), a cross-origin-bypass 
in Blink (CVE-2015-1236), a use-after-free in IPC (CVE-2015-1237), an 
out-of-bounds write in Skia (CVE-2015-1238), an out-of-bounds read in WebGL 
(CVE-2015-1240), Tap-Jacking (CVE-2015-1241), type confusion in V8 
(CVE-2015-1242), HSTS bypass in WebSockets (CVE-2015-1244), a 
use-after-free in PDFium (CVE-2015-1245), an out-of-bounds read in Blink 
(CVE-2015-1246), scheme issues in OpenSearch, (CVE-2015-1247), and a 
SafeBrowsing bypass (CVE-2015-1248). Also included are various fixes from 
internal audits, fuzzing and other initiatives (CVE-2015-1249), and 
multiple vulnerabilities in V8 have been fixed at the tip of the 4.2 branch 
(currently 4.2.77.14) (CVE-2015-3333).
                

References

SRPMS

4/core