[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4020-1 chromium-browser -- chromium-browser

ID: oval:org.secpod.oval:def:603157Date: (C)2017-12-04   (M)2023-11-12
Class: PATCHFamily: unix




Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an announcement that security support for chromium in the oldstable release , Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongly encouraged to upgrade now to the current stable release , Debian 9. An alternative is to switch to the firefox browser, which will continue to receive security updates in jessie for some time. CVE-2017-5124 A cross-site scripting issue was discovered in MHTML. CVE-2017-5125 A heap overflow issue was discovered in the skia library. CVE-2017-5126 Luat Nguyen discovered a use-after-free issue in the pdfium library. CVE-2017-5127 Luat Nguyen discovered another use-after-free issue in the pdfium library. CVE-2017-5128 Omair discovered a heap overflow issue in the WebGL implementation. CVE-2017-5129 Omair discovered a use-after-free issue in the WebAudio implementation. CVE-2017-5131 An out-of-bounds write issue was discovered in the skia library. CVE-2017-5132 Guarav Dewan discovered an error in the WebAssembly implementation. CVE-2017-5133 Aleksandar Nikolic discovered an out-of-bounds write issue in the skia library. CVE-2017-15386 WenXu Wu discovered a user interface spoofing issue. CVE-2017-15387 Jun Kokatsu discovered a way to bypass the content security policy. CVE-2017-15388 Kushal Arvind Shah discovered an out-of-bounds read issue in the skia library. CVE-2017-15389 xisigr discovered a URL spoofing issue. CVE-2017-15390 Haosheng Wang discovered a URL spoofing issue. CVE-2017-15391 Joao Lucas Melo Brasio discovered a way for an extension to bypass its limitations. CVE-2017-15392 Xiaoyin Liu discovered an error the implementation of registry keys. CVE-2017-15393 Svyat Mitin discovered an issue in the devtools. CVE-2017-15394 Sam discovered a URL spoofing issue. CVE-2017-15395 Johannes Bergman discovered a null pointer dereference issue. CVE-2017-15396 Yuan Deng discovered a stack overflow issue in the v8 javascript library.

Platform:
Debian 9.x
Product:
chromedriver
chromium
Reference:
DSA-4020-1
CVE-2017-5124
CVE-2017-5125
CVE-2017-5126
CVE-2017-5127
CVE-2017-5128
CVE-2017-5129
CVE-2017-5131
CVE-2017-5132
CVE-2017-5133
CVE-2017-15386
CVE-2017-15387
CVE-2017-15388
CVE-2017-15389
CVE-2017-15390
CVE-2017-15391
CVE-2017-15392
CVE-2017-15393
CVE-2017-15394
CVE-2017-15395
CVE-2017-15396
CVE-2017-15406
CVE    21
CVE-2017-15396
CVE-2017-15406
CVE-2017-15395
CVE-2017-15394
...
CPE    4
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:8.0
cpe:/a:google:chromium
cpe:/o:debian:debian_linux:9.x
...

© SecPod Technologies