Subject: [ASA-201712-5] chromium: multiple issues

Arch Linux Security Advisory ASA-201712-5
=========================================

Severity: Critical
Date    : 2017-12-07
CVE-ID  : CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410
          CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415
          CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419
          CVE-2017-15420 CVE-2017-15422 CVE-2017-15423 CVE-2017-15424
          CVE-2017-15425 CVE-2017-15426 CVE-2017-15427
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-544

Summary
=======

The package chromium before version 63.0.3239.84-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
information disclosure and access restriction bypass.

Resolution
==========

Upgrade to 63.0.3239.84-1.

# pacman -Syu "chromium>=63.0.3239.84-1"

The problems have been fixed upstream in version 63.0.3239.84.

Workaround
==========

None.

Description
===========

- CVE-2017-15407 (arbitrary code execution)

An out of bounds write has been found in the QUIC component of the
Chromium browser before 63.0.3239.84.

- CVE-2017-15408 (arbitrary code execution)

A heap-based buffer overflow has been found in the PDFium component of
the Chromium browser before 63.0.3239.84.

- CVE-2017-15409 (arbitrary code execution)

An out of bounds write has been found in the Skia component of the
Chromium browser before 63.0.3239.84.

- CVE-2017-15410 (arbitrary code execution)

A use after free has been found in the PDFium component of the Chromium
browser before 63.0.3239.84.

- CVE-2017-15411 (arbitrary code execution)

A use after free has been found in the PDFium component of the Chromium
browser before 63.0.3239.84.

- CVE-2017-15412 (arbitrary code execution)

A use after free has been found in the libxml component of the Chromium
browser before 63.0.3239.84.

- CVE-2017-15413 (arbitrary code execution)

A type confusion has been found in the WebAssembly component of the
Chromium browser before 63.0.3239.84.

- CVE-2017-15415 (information disclosure)

A pointer information disclosure has been found in the IPC call
component of the Chromium browser before 63.0.3239.84.

- CVE-2017-15416 (information disclosure)

An out of bounds read has been found in the Blink component of the
Chromium browser before 63.0.3239.84.

- CVE-2017-15417 (information disclosure)

A cross-origin information disclosure has been found in the Skia
component of the Chromium browser before 63.0.3239.84.

- CVE-2017-15418 (information disclosure)

A use of uninitialized value has been found in the Skia component of
the Chromium browser before 63.0.3239.84.

- CVE-2017-15419 (information disclosure)

A cross-origin leak of redirect URL has been found in the Blink
component of the Chromium browser before 63.0.3239.84.

- CVE-2017-15420 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

- CVE-2017-15422 (arbitrary code execution)

An integer overflow has been found in the ICU component of the Chromium
browser before 63.0.3239.84.

- CVE-2017-15423 (information disclosure)

An information disclosure issue has been found in the SPAKE
implementation of the BoringSSL component of the Chromium browser
before 63.0.3239.84.

- CVE-2017-15424 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

- CVE-2017-15425 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

- CVE-2017-15426 (content spoofing)

A URL spoofing issue has been found in the Omnibox component of the
Chromium browser before 63.0.3239.84.

- CVE-2017-15427 (access restriction bypass)

An insufficient blocking of Javascript issue has been found in the
Omnibox component of the Chromium browser before 63.0.3239.84.

Impact
======

A remote attacker can execute arbitrary code on the affected host,
spoof the URL, access sensitive information and bypass security
measures.

References
==========

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
https://crbug.com/778505
https://crbug.com/762374
https://crbug.com/763972
https://crbug.com/765921
https://crbug.com/770148
https://crbug.com/727039
https://crbug.com/766666
https://crbug.com/765512
https://crbug.com/779314
https://crbug.com/699028
https://crbug.com/765858
https://crbug.com/780312
https://crbug.com/777419
https://crbug.com/774382
https://github.com/google/boringssl/commit/696c13bd6ab78011adfe7b775519c8b7cc82b604
https://crbug.com/778101
https://crbug.com/756226
https://crbug.com/756456
https://crbug.com/756735
https://crbug.com/768910
https://security.archlinux.org/CVE-2017-15407
https://security.archlinux.org/CVE-2017-15408
https://security.archlinux.org/CVE-2017-15409
https://security.archlinux.org/CVE-2017-15410
https://security.archlinux.org/CVE-2017-15411
https://security.archlinux.org/CVE-2017-15412
https://security.archlinux.org/CVE-2017-15413
https://security.archlinux.org/CVE-2017-15415
https://security.archlinux.org/CVE-2017-15416
https://security.archlinux.org/CVE-2017-15417
https://security.archlinux.org/CVE-2017-15418
https://security.archlinux.org/CVE-2017-15419
https://security.archlinux.org/CVE-2017-15420
https://security.archlinux.org/CVE-2017-15422
https://security.archlinux.org/CVE-2017-15423
https://security.archlinux.org/CVE-2017-15424
https://security.archlinux.org/CVE-2017-15425
https://security.archlinux.org/CVE-2017-15426
https://security.archlinux.org/CVE-2017-15427