Upstream has released version 52.0.2743.82 on July 20: http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html This fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates There was also a bugfix release since our last update: http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_23.html
URL: (none) => http://lwn.net/Vulnerabilities/695320/
Packages are available for testing: MGA5 SRPM: chromium-browser-stable-52.0.2743.82-1.mga5.src.rpm RPMS: chromium-browser-stable-52.0.2743.82-1.mga5.i586.rpm chromium-browser-52.0.2743.82-1.mga5.i586.rpm chromium-browser-stable-52.0.2743.82-1.mga5.x86_64.rpm chromium-browser-52.0.2743.82-1.mga5.x86_64.rpm Advisory: Chromium-browser-stable 52.0.2743.82 fixes security issues: Multiple unspecified vulnerabilities in chromium before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2016-1705) The PPAPI implementation in Chromium before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. (CVE-2016-1706) The Chrome Web Store inline-installation implementation in the Extensions subsystem in Chromium before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. (CVE-2016-1708) Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in sfntly before 2016-06-10, as used in Chromium before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font. (CVE-2016-1709) The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Chromium before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2016-1710) WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Chromium before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2016-1711) Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Chromium before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element. (CVE-2016-5127) objects.cc in V8 before 5.2.361.27, as used in Chromium before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2016-5128) V8 before 5.2.361.32, as used in Chromium before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. (CVE-2016-5129) content/renderer/history_controller.cc in Chromium before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. (CVE-2016-5130) The Service Workers subsystem in Chromium before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. (CVE-2016-5132) Chromium before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. (CVE-2016-5133) net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Chromium before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. (CVE-2016-5134) WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Chromium before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element. (CVE-2016-5135) Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Chromium before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion. (CVE-2016-5136) The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Chromium before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution. (CVE-2016-5137) References: http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137
CC: (none) => cjwAssignee: cjw => qa-bugs
Ran the usual battery, Jetstream, video, acid 3, general browsing, all OK, mga5-64.
CC: (none) => wrw105Whiteboard: (none) => has_procedure mga5-64-ok
Keywords: (none) => validated_updateWhiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0274.html
Status: NEW => RESOLVEDResolution: (none) => FIXED