AVG-46

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 53.0.2785.143-1
Fixed 54.0.2840.59-1
Current 64.0.3282.167-1 [extra]
Ticket None
Created Fri Oct 14 10:57:13 2016
Issue Severity Remote Type Description
CVE-2016-5194 Critical Yes Arbitrary code execution
Various fixes from internal audits, fuzzing and other initiatives.
CVE-2016-5193 Low Yes Insufficient validation
A scheme bypass vulnerability has been discovered.
CVE-2016-5192 Medium Yes Same-origin policy bypass
A cross-origin bypass flaw was found in the Blink component of the Chromium browser.
CVE-2016-5191 Medium Yes Cross-site scripting
An universal XSS flaw was found in the Bookmarks component of the Chromium browser.
CVE-2016-5190 Medium Yes Arbitrary code execution
An use after free flaw was found in the Internals component of the Chromium browser.
CVE-2016-5189 Medium Yes Content spoofing
An URL spoofing flaw was found in the Chromium browser.
CVE-2016-5188 Medium Yes Content spoofing
An UI spoofing flaw was found in the Chromium browser.
CVE-2016-5187 High Yes Content spoofing
An URL spoofing flaw was found in the Chromium browser.
CVE-2016-5186 Medium Yes Information disclosure
An out of bounds read flaw was found in the DevTools component of the Chromium browser.
CVE-2016-5185 High Yes Arbitrary code execution
An use after free flaw was found in the Blink component of the Chromium browser.
CVE-2016-5184 High Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5183 High Yes Arbitrary code execution
An use after free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5182 High Yes Arbitrary code execution
A heap overflow flaw was found in the Blink component of the Chromium browser.
CVE-2016-5181 High Yes Cross-site scripting
An universal XSS flaw was found in the Blink component of the Chromium browser.
Date Advisory Package Description
23 Oct 2016 ASA-201610-15 chromium multiple issues
References
https://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html