AVG-544 log

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 62.0.3202.94-2
Fixed 63.0.3239.84-1
Current 124.0.6367.78-1 [extra]
Ticket None
Created Thu Dec 7 21:35:49 2017
Issue Severity Remote Type Description
CVE-2017-15427 Low Yes Access restriction bypass 
An insufficient blocking of Javascript issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
CVE-2017-15426 Low Yes Content spoofing 
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
CVE-2017-15425 Low Yes Content spoofing 
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
CVE-2017-15424 Low Yes Content spoofing 
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
CVE-2017-15423 Low Yes Information disclosure 
An information disclosure issue has been found in the SPAKE implementation of the BoringSSL component of the Chromium browser before 63.0.3239.84.
CVE-2017-15422 Medium Yes Arbitrary code execution 
An integer overflow has been found in the ICU component of the Chromium browser before 63.0.3239.84.
CVE-2017-15420 Medium Yes Content spoofing 
A URL spoofing issue has been found in the Omnibox component of the Chromium browser before 63.0.3239.84.
CVE-2017-15419 Medium Yes Information disclosure 
A cross-origin leak of redirect URL has been found in the Blink component of the Chromium browser before 63.0.3239.84.
CVE-2017-15418 Medium Yes Information disclosure 
A use of uninitialized value has been found in the Skia component of the Chromium browser before 63.0.3239.84.
CVE-2017-15417 Medium Yes Information disclosure 
A cross-origin information disclosure has been found in the Skia component of the Chromium browser before 63.0.3239.84.
CVE-2017-15416 Medium Yes Information disclosure 
An out of bounds read has been found in the Blink component of the Chromium browser before 63.0.3239.84.
CVE-2017-15415 Medium Yes Information disclosure 
A pointer information disclosure has been found in the IPC call component of the Chromium browser before 63.0.3239.84.
CVE-2017-15413 High Yes Arbitrary code execution 
A type confusion has been found in the WebAssembly component of the Chromium browser before 63.0.3239.84.
CVE-2017-15412 High Yes Arbitrary code execution 
A use after free has been found in the libxml component of the Chromium browser before 63.0.3239.84.
CVE-2017-15411 High Yes Arbitrary code execution 
A use after free has been found in the PDFium component of the Chromium browser before 63.0.3239.84.
CVE-2017-15410 High Yes Arbitrary code execution 
A use after free has been found in the PDFium component of the Chromium browser before 63.0.3239.84.
CVE-2017-15409 High Yes Arbitrary code execution 
An out of bounds write has been found in the Skia component of the Chromium browser before 63.0.3239.84.
CVE-2017-15408 High Yes Arbitrary code execution 
A heap-based buffer overflow has been found in the PDFium component of the Chromium browser before 63.0.3239.84.
CVE-2017-15407 Critical Yes Arbitrary code execution 
An out of bounds write has been found in the QUIC component of the Chromium browser before 63.0.3239.84.
Date Advisory Package Type
07 Dec 2017 ASA-201712-5 chromium multiple issues
References 
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html