[3.3] chromium: Multiple Security Fixes (CVE-2016-1651, CVE-2016-1652, CVE-2016-1653, CVE-2016-1654, CVE-2016-1655, CVE-2016-1656, CVE-2016-1657, CVE-2016-1658, CVE-2016-1659)
CVE-2016-1651: out-of-bounds read in Pdfium JPEG2000 decoding
CVE-2016-1652: Universal XSS in extension bindings.
CVE-2016-1653: Out-of-bounds write in V8.
CVE-2016-1654: Uninitialized memory read in media.
CVE-2016-1655: Use-after-free related to extensions.
CVE-2016-1656: Android downloaded file path restriction bypass.
CVE-2016-1657: Address bar spoofing.
CVE-2016-1658: Potential leak of sensitive information to malicious extensions.
CVE-2016-1659: Various fixes from internal audits, fuzzing and other initiatives.
Fixed In Version:
Chrome 50.0.2661.75
References:
http://googlechromereleases.blogspot.no/2016/04/stable-channel-update\_13.html
https://www.debian.org/security/2016/dsa-3549
(from redmine: issue id 5427, created on 2016-04-18, closed on 2017-01-24)
- Relations:
- parent #5425 (closed)