AVG-93

Package chromium
Status Fixed
Severity Critical
Type multiple issues
Affected 54.0.2840.100-1
Fixed 55.0.2883.75-1
Current 69.0.3497.100-1 [extra]
Ticket None
Created Sat Dec 3 22:13:42 2016
Issue Severity Remote Type Description
CVE-2016-9652 Critical Yes Arbitrary code execution
Various fixes from internal audits, fuzzing and other initiatives.
CVE-2016-9651 High Yes Access restriction bypass
A private property access flaw was found in the V8 component of the Chromium browser.
CVE-2016-9650 Low Yes Information disclosure
A CSP referrer disclosure vulnerability has been discovered in the Chromium browser.
CVE-2016-5226 Low Yes Cross-site scripting
A limited XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5225 Low Yes Access restriction bypass
A CSP bypass flaw was found in the Blink component of the Chromium browser.
CVE-2016-5224 Low Yes Same-origin policy bypass
A same-origin bypass flaw was found in the SVG component of the Chromium browser.
CVE-2016-5223 Low Yes Arbitrary code execution
An integer overflow flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5222 Medium Yes Content spoofing
An address spoofing flaw was found in the Omnibox component of the Chromium browser.
CVE-2016-5221 Medium Yes Arbitrary code execution
An integer overflow flaw was found in the ANGLE component of the Chromium browser.
CVE-2016-5220 Medium No Arbitrary filesystem access
A local file access flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5219 Medium Yes Arbitrary code execution
A use-after-free flaw was found in the V8 component of the Chromium browser.
CVE-2016-5218 Medium Yes Content spoofing
An address spoofing flaw was found in the Omnibox component of the Chromium browser.
CVE-2016-5217 Medium Yes Insufficient validation
A use of unvalidated data flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5216 Medium Yes Arbitrary code execution
A use-after-free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5215 Medium Yes Arbitrary code execution
A use-after-free flaw was found in the Webaudio component of the Chromium browser.
CVE-2016-5214 Medium Yes Insufficient validation
A file download protection bypass was discovered in the Chromium browser.
CVE-2016-5213 High Yes Arbitrary code execution
A use-after-free flaw was found in the V8 component of the Chromium browser.
CVE-2016-5212 High No Arbitrary filesystem access
A local file disclosure flaw was found in the DevTools component of the Chromium browser.
CVE-2016-5211 High Yes Arbitrary code execution
A use-after-free flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5210 High Yes Arbitrary code execution
An out of bounds write flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5209 High Yes Arbitrary code execution
An out of bounds write flaw was found in the Blink component of the Chromium browser.
CVE-2016-5208 High Yes Cross-site scripting
A universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5207 High Yes Cross-site scripting
A universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5206 High Yes Same-origin policy bypass
A same-origin bypass flaw was found in the PDFium component of the Chromium browser.
CVE-2016-5205 High Yes Cross-site scripting
A universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5204 High Yes Cross-site scripting
A universal XSS flaw was found in the Blink component of the Chromium browser.
CVE-2016-5203 High Yes Arbitrary code execution
A use-after-free flaw was found in the PDFium component of the Chromium browser.
Date Advisory Package Description
03 Dec 2016 ASA-201612-3 chromium multiple issues
References
https://googlechromereleases.blogspot.fr/2016/12/stable-channel-update-for-desktop.html