Updated chromium-browser package fixes security vulnerability
Publication date: 05 Jul 2015Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-1266 , CVE-2015-1267 , CVE-2015-1268 , CVE-2015-1269
Description
A scheme validation error in WebUI (CVE-2015-1266).
Two cross-origin bypass issues in Blink (CVE-2015-1267, CVE-2015-1268).
A normalization error in the HSTS/HPKP preload list (CVE-2015-1269).
This update also disables the automatic, silent downloading and
installation of "external components" like the hotword extension.
References
- https://bugs.mageia.org/show_bug.cgi?id=16190
- http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269
SRPMS
4/core
- chromium-browser-stable-43.0.2357.130-1.mga4
5/core
- chromium-browser-stable-43.0.2357.130-1.mga5