DSA-3507-1 chromium-browser -- chromium-browserID: oval:org.secpod.oval:def:602422 | Date: (C)2016-03-15 (M)2024-01-29 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-8126 Joerg Bornemann discovered multiple buffer overflow issues in the libpng library. CVE-2016-1630 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in Blink/Webkit. CVE-2016-1631 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the Pepper Plugin API. CVE-2016-1632 A bad cast was discovered. CVE-2016-1633 cloudfuzzer discovered a use-after-free issue in Blink/Webkit. CVE-2016-1634 cloudfuzzer discovered a use-after-free issue in Blink/Webkit. CVE-2016-1635 Rob Wu discovered a use-after-free issue in Blink/Webkit. CVE-2016-1636 A way to bypass SubResource Integrity validation was discovered. CVE-2016-1637 Keve Nagy discovered an information leak in the skia library. CVE-2016-1638 Rob Wu discovered a WebAPI bypass issue. CVE-2016-1639 Khalil Zhani discovered a use-after-free issue in the WebRTC implementation. CVE-2016-1640 Luan Herrera discovered an issue with the Extensions user interface. CVE-2016-1641 Atte Kettunen discovered a use-after-free issue in the handling of favorite icons. CVE-2016-1642 The chrome 49 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the v8 javascript library, version 4.9.385.26.