AVG-456

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 62.0.3202.52-5
Fixed 62.0.3202.62-1
Current 76.0.3809.100-1 [extra]
Ticket None
Created Thu Oct 19 11:57:26 2017
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-15395 | Low | Yes | Denial of service | A null-pointer dereference flaw has been found in the ImageCapture component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-15394 | Low | Yes | Content spoofing | A URL spoofing flaw has been found in the extensions UI of the Chromium browser < 62.0.3202.62. |
| CVE-2017-15393 | Low | Yes | Information disclosure | A referrer leak has been found in the Devtools component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-15392 | Low | Yes | Access restriction bypass | An incorrect registry key handling issue has been found in the PlatformIntegration component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-15391 | Low | Yes | Access restriction bypass | An extension limitation bypass has been found in the Extensions component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-15390 | Medium | Yes | Content spoofing | A URL spoofing issue has been found in the Omnibox component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-15389 | Medium | Yes | Content spoofing | A URL spoofing issue has been found in the Omnibox component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-15388 | Medium | Yes | Information disclosure | An out-of-bounds read has been found in the Skia component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-15387 | Medium | Yes | Access restriction bypass | A content security bypass has been found in the Chromium browser < 62.0.3202.62. |
| CVE-2017-15386 | Medium | Yes | Content spoofing | A UI spoofing issue has been found in the Blink component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-5133 | High | Yes | Arbitrary code execution | An out-of-bounds write has been found in the Skia component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-5132 | Critical | Yes | Arbitrary code execution | An incorrect stack manipulation security issue has been found in the WebAssembly component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-5131 | High | Yes | Arbitrary code execution | An out-of-bounds write has been found in the Skia component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-5130 | Critical | Yes | Arbitrary code execution | A heap overflow security issue has been found in libxml2. |
| CVE-2017-5129 | Critical | Yes | Arbitrary code execution | A use-after-free security issue has been found in the WebAudio component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-5128 | Critical | Yes | Arbitrary code execution | A heap overflow security issue has been found in the WebGL component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-5127 | Critical | Yes | Arbitrary code execution | A use-after-free security issue has been found in the PDFium component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-5126 | Critical | Yes | Arbitrary code execution | A use-after-free security issue has been found in the PDFium component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-5125 | Critical | Yes | Arbitrary code execution | A heap overflow security issue has been found in the Skia component of the Chromium browser < 62.0.3202.62. |
| CVE-2017-5124 | High | Yes | Cross-site scripting | A universal XSS flaw has been found in the MHTML component of the Chromium browser < 62.0.3202.62. |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 19 Oct 2017 | ASA-201710-27 | chromium | multiple issues |

References
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html