Bug 17567 - chromium-browser-stable new security issues fixed in 48.0.2564.82
Summary: chromium-browser-stable new security issues fixed in 48.0.2564.82
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: i586 Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/673580/
Whiteboard: MGA5-32-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-01-21 16:54 CET by David Walser
Modified: 2016-01-29 12:04 CET
CC: 3 users

See Also:
Source RPM: chromium-browser-stable-47.0.2526.106-1.mga5.src.rpm
CVE:
Status comment:



Description David Walser 2016-01-21 16:54:02 CET
Upstream has released version 48.0.2564.82 on January 20:
http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html

This fixes several new security issues.

This is the current version in the stable channel:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

There was also a bugfix release since our last update:
http://googlechromereleases.blogspot.com/2016/01/stable-channel-update.html

Reproducible:

Steps to Reproduce:

David Walser 2016-01-26 20:27:47 CET

URL: (none) => http://lwn.net/Vulnerabilities/673580/

Comment 1 Christiaan Welvaart 2016-01-28 00:07:41 CET
48.0.2564.97 was released, so I will use that version instead.

Status: NEW => ASSIGNED
CC: (none) => cjw

Comment 2 David Walser 2016-01-28 00:12:58 CET
Thanks Christiaan!

48.0.2564.97 was released today (January 27):
http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_27.html

Comment 3 Christiaan Welvaart 2016-01-28 15:47:22 CET
Updated packages are ready for testing:

MGA5
SRPM:
chromium-browser-stable-48.0.2564.97-1.mga5.src.rpm
RPMS:
chromium-browser-stable-48.0.2564.97-1.mga5.i586.rpm
chromium-browser-48.0.2564.97-1.mga5.i586.rpm
chromium-browser-stable-48.0.2564.97-1.mga5.x86_64.rpm
chromium-browser-48.0.2564.97-1.mga5.x86_64.rpm


Proposed advisory:


Chromium-browser 48.0.2564.97 fixes several security issues:

The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code. (CVE-2016-1612)

Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects. (CVE-2016-1613)

The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. (CVE-2016-1614)

The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. (CVE-2016-1615)

The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. (CVE-2016-1616)

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. (CVE-2016-1617)

Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. (CVE-2016-1618)

Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. (CVE-2016-1619)

Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2016-1620)

The included V8 version 4.8.271.17 fixes multiple vulnerabilities.


References:
http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html
http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_27.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1620

Assignee: cjw => qa-bugs

Comment 4 David Walser 2016-01-28 17:20:09 CET
Working fine on Mageia 5 i586.

Whiteboard: (none) => MGA5-32-OK

Dave Hodgins 2016-01-28 19:50:46 CET

Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 5 Mageia Robot 2016-01-29 12:04:13 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0042.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

