AVG-156

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 55.0.2883.87-1
Fixed 56.0.2924.76-1
Current 67.0.3396.87-2 [extra]
Ticket None
Created Fri Jan 27 17:02:44 2017
Issue Severity Remote Type Description
CVE-2017-5026 Low Yes Content spoofing
A UI spoofing flaw was found in the Chromium browser.
CVE-2017-5025 Critical Yes Arbitrary code execution
A heap overflow flaw was found in FFmpeg < 3.2.4.
CVE-2017-5024 Critical Yes Arbitrary code execution
A heap overflow flaw was found in FFmpeg < 3.2.4.
CVE-2017-5023 Low Yes Denial of service
A type confusion flaw was found in the metrics component of the Chromium browser.
CVE-2017-5022 Low Yes Access restriction bypass
A content security policy bypass flaw was found in the Blink component of the Chromium browser.
CVE-2017-5021 Low Yes Arbitrary code execution
A use-after-free flaw was found in the Extensions component of the Chromium browser.
CVE-2017-5020 Medium Yes Cross-site scripting
A universal XSS flaw was found in the chrome://downloads component of the Chromium browser.
CVE-2017-5019 Medium Yes Arbitrary code execution
A use-after-free flaw was found in the Renderer component of the Chromium browser.
CVE-2017-5018 Medium Yes Cross-site scripting
A universal XSS flaw was found in the chrome://apps component of the Chromium browser.
CVE-2017-5017 Medium Yes Information disclosure
An uninitialised memory access flaw was found in the webm video component of the Chromium browser.
CVE-2017-5016 Medium Yes Content spoofing
A UI spoofing flaw was found in the Blink component of the Chromium browser.
CVE-2017-5015 Medium Yes Content spoofing
An address spoofing flaw was found in the Omnibox component of the Chromium browser.
CVE-2017-5014 Medium Yes Arbitrary code execution
A heap overflow flaw was found in the Skia component of the Chromium browser.
CVE-2017-5013 Medium Yes Content spoofing
An address spoofing flaw was found in the Omnibox component of the Chromium browser.
CVE-2017-5012 Critical Yes Arbitrary code execution
A heap overflow flaw was found in the V8 component of the Chromium browser.
CVE-2017-5011 High Yes Arbitrary filesystem access
An unauthorised file access flaw was found in the Devtools component of the Chromium browser.
CVE-2017-5010 High Yes Cross-site scripting
A universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2017-5009 Critical Yes Arbitrary code execution
An out-of-bounds memory access flaw was found in the WebRTC component of the Chromium browser.
CVE-2017-5008 High Yes Cross-site scripting
A universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2017-5007 High Yes Cross-site scripting
A universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2017-5006 High Yes Cross-site scripting
A universal XSS flaw was found in the Blink component of the Chromium browser.
Date Advisory Package Description
27 Jan 2017 ASA-201701-33 chromium multiple issues
References
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html