AVG-289

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 58.0.3029.110-1
Fixed 59.0.3071.86-1
Current 64.0.3282.167-1 [extra]
Ticket None
Created Tue Jun 6 09:09:18 2017
Issue Severity Remote Type Description
CVE-2017-5086 Medium Yes Content spoofing
An address spoofing flaw has been found in the Omnibox component of the Chromium browser.
CVE-2017-5085 Low Yes Cross-site scripting
A security issue has been found in the Chromium browser, where javascript is inappropriately executed on WebUI pages
CVE-2017-5083 Low Yes Content spoofing
A UI spoofing flaw has been found in the Blink component of the Chromium browser.
CVE-2017-5082 Low Yes Insufficient validation
An insufficient hardening flaw has been found in the credit card editor component of the Chromium browser.
CVE-2017-5081 High Yes Authentication bypass
A extension verification bypass has been found in the Chromium browser.
CVE-2017-5080 High Yes Arbitrary code execution
A use-after-free flaw has been found in the credit card autofill component of the Chromium browser.
CVE-2017-5079 Medium Yes Content spoofing
A UI spoofing flaw has been found in the Blink component of the Chromium browser.
CVE-2017-5078 High Yes Arbitrary command execution
A possible command injection flaw has been found in the mailto handling component of the Chromium browser.
CVE-2017-5077 High Yes Arbitrary code execution
A heap buffer overflow flaw was found in the Skia component of the Chromium browser.
CVE-2017-5076 Medium Yes Content spoofing
An address spoofing flaw has been found in the Omnibox component of the Chromium browser.
CVE-2017-5075 Medium Yes Information disclosure
An information leak flaw has been found in the CSP reporting component of the Chromium browser.
CVE-2017-5074 Critical Yes Arbitrary code execution
A use-after-free flaw has been found in the Apps Bluetooth component of the Chromium browser.
CVE-2017-5073 Critical Yes Arbitrary code execution
A use-after-free flaw has been found in the print preview component of the Chromium browser.
CVE-2017-5072 High Yes Content spoofing
An address spoofing flaw has been found in the Omnibox component of the Chromium browser.
CVE-2017-5071 High Yes Information disclosure
An out of bounds read flaw has been found in the V8 component of the Chromium browser.
CVE-2017-5070 Critical Yes Arbitrary code execution
A type confusion flaw has been found in the V8 component of the Chromium browser.
Date Advisory Package Description
07 Jun 2017 ASA-201706-8 chromium multiple issues
References
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html