DSA-4020-1 chromium-browser -- chromium-browserID: oval:org.secpod.oval:def:603157 | Date: (C)2017-12-04 (M)2023-11-12 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release , Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encouraged to upgrade now to the current stable release , Debian 9. An alternative is to switch to the firefox browser, which will continue to receive security updates in jessie for some time. CVE-2017-5124 A cross-site scripting issue was discovered in MHTML. CVE-2017-5125 A heap overflow issue was discovered in the skia library. CVE-2017-5126 Luat Nguyen discovered a use-after-free issue in the pdfium library. CVE-2017-5127 Luat Nguyen discovered another use-after-free issue in the pdfium library. CVE-2017-5128 Omair discovered a heap overflow issue in the WebGL implementation. CVE-2017-5129 Omair discovered a use-after-free issue in the WebAudio implementation. CVE-2017-5131 An out-of-bounds write issue was discovered in the skia library. CVE-2017-5132 Guarav Dewan discovered an error in the WebAssembly implementation. CVE-2017-5133 Aleksandar Nikolic discovered an out-of-bounds write issue in the skia library. CVE-2017-15386 WenXu Wu discovered a user interface spoofing issue. CVE-2017-15387 Jun Kokatsu discovered a way to bypass the content security policy. CVE-2017-15388 Kushal Arvind Shah discovered an out-of-bounds read issue in the skia library. CVE-2017-15389 xisigr discovered a URL spoofing issue. CVE-2017-15390 Haosheng Wang discovered a URL spoofing issue. CVE-2017-15391 Joao Lucas Melo Brasio discovered a way for an extension to bypass its limitations. CVE-2017-15392 Xiaoyin Liu discovered an error the implementation of registry keys. CVE-2017-15393 Svyat Mitin discovered an issue in the devtools. CVE-2017-15394 Sam discovered a URL spoofing issue. CVE-2017-15395 Johannes Bergman discovered a null pointer dereference issue. CVE-2017-15396 Yuan Deng discovered a stack overflow issue in the v8 javascript library.
Product: |
chromedriver |
chromium |