VuXML: chromium -- multiple vulnerabilities

VuXML ID	548f74bd-993c-11e5-956b-00262d5ed8ee
Discovery	2015-12-01
Entry	2015-12-02

Google Chrome Releases reports:

41 security fixes in this release, including:

[558589] Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous.

[551044] High CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous.

[554908] High CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous.

[556724] High CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

[534923] High CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski.

[541206] High CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

[544991] High CVE-2015-6771: Out of bounds access in v8. Credit to anonymous.

[546545] High CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

[554946] High CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own.

[491660] High CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer.

[549251] High CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous.

[529012] High CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen of OUSPG.

[457480] High CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Böck.

[544020] High CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team.

[514891] Medium CVE-2015-6778: Out of bounds access in PDFium. Credit to Karl Skomski.

[528505] Medium CVE-2015-6779: Scheme bypass in PDFium. Credit to Til Jasper Ullrich.

[490492] Medium CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani.

[497302] Medium CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz.

[536652] Medium CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera.

[537205] Medium CVE-2015-6783: Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski.

[503217] Low CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire.

[534542] Low CVE-2015-6785: Wildcard matching issue in CSP. Credit to Michael Ficarra / Shape Security.

[534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to Michael Ficarra / Shape Security.

[563930] CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives.

Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23).

[source]

CVE Name	CVE-2015-6765
CVE Name	CVE-2015-6766
CVE Name	CVE-2015-6767
CVE Name	CVE-2015-6768
CVE Name	CVE-2015-6769
CVE Name	CVE-2015-6770
CVE Name	CVE-2015-6771
CVE Name	CVE-2015-6772
CVE Name	CVE-2015-6773
CVE Name	CVE-2015-6774
CVE Name	CVE-2015-6775
CVE Name	CVE-2015-6776
CVE Name	CVE-2015-6777
CVE Name	CVE-2015-6778
CVE Name	CVE-2015-6779
CVE Name	CVE-2015-6780
CVE Name	CVE-2015-6781
CVE Name	CVE-2015-6782
CVE Name	CVE-2015-6783
CVE Name	CVE-2015-6784
CVE Name	CVE-2015-6785
CVE Name	CVE-2015-6786
CVE Name	CVE-2015-6787
URL	http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update.html

chromium -- multiple vulnerabilities

Details

References