Arch Linux Security Advisory ASA-201712-8
=========================================

Severity: High
Date    : 2017-12-16
CVE-ID  : CVE-2017-15429
Package : chromium
Type    : cross-site scripting
Remote  : Yes
Link    : https://security.archlinux.org/AVG-546

Summary
=======

The package chromium before version 63.0.3239.108-1 is vulnerable to
cross-site scripting.

Resolution
==========

Upgrade to 63.0.3239.108-1.

# pacman -Syu "chromium>=63.0.3239.108-1"

The problem has been fixed upstream in version 63.0.3239.108.

Workaround
==========

None.

Description
===========

A universal XSS has been found in the V8 component of the Chromium
browser before 63.0.3239.108.

Impact
======

A remote attacker can inject JavaScript code via a universal cross-site
scripting flaw.

References
==========

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
https://crbug.com/788453
https://security.archlinux.org/CVE-2017-15429