AVG-391

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 60.0.3112.113-1
Fixed 61.0.3163.79-1
Current 67.0.3396.87-2 [extra]
Ticket None
Created Wed Sep 6 20:17:17 2017
Issue Severity Remote Type Description
CVE-2017-5120 Low Yes Silent downgrade
A potential issue leading to HTTPS downgrade during redirect navigation has been found in the Chromium browser < 61.0.3163.79.
CVE-2017-5119 Medium Yes Information disclosure
A use of uninitialized value issue has been found in the Skia component of the Chromium browser < 61.0.3163.79.
CVE-2017-5118 Medium Yes Access restriction bypass
A content security policy bypass vulnerability has been found in the Blink component of the Chromium browser < 61.0.3163.79.
CVE-2017-5117 Medium Yes Information disclosure
A use of uninitialized value issue has been found in the Skia component of the Chromium browser < 61.0.3163.79.
CVE-2017-5116 Critical Yes Arbitrary code execution
A type confusion vulnerability has been found in the V8 component of the Chromium browser < 61.0.3163.79.
CVE-2017-5115 Critical Yes Arbitrary code execution
A type confusion vulnerability has been found in the V8 component of the Chromium browser < 61.0.3163.79.
CVE-2017-5114 Critical Yes Arbitrary code execution
A memory lifecycle vulnerability has been found in the PDFium component of the Chromium browser < 61.0.3163.79.
CVE-2017-5113 Critical Yes Arbitrary code execution
A heap-based buffer overflow vulnerability has been found in the Skia component of the Chromium browser < 61.0.3163.79.
CVE-2017-5112 Critical Yes Arbitrary code execution
A heap-based buffer overflow vulnerability has been found in the WebGL component of the Chromium browser < 61.0.3163.79.
CVE-2017-5111 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in the PDFium component of the Chromium browser < 61.0.3163.79.
Date Advisory Package Description
06 Sep 2017 ASA-201709-1 chromium multiple issues
References
https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html