Changelog
chromium-browser (55.0.2883.75-1~deb8u1) jessie-security; urgency=medium
* New upstream stable release:
- CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous
- CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go
- CVE-2016-5183: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5184: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer
- CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman
- CVE-2016-5187: URL spoofing. Credit to Luan Herrera
- CVE-2016-5188: UI spoofing. Credit to Luan Herrera
<email address hidden>
- CVE-2016-5189: URL spoofing. Credit to xisigr
Alqabandi
- CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen
- CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes
- CVE-2016-5192: Cross-origin bypass in Blink. Credit to
- CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU
- CVE-2016-5194: Various fixes from internal audits, fuzzing and other
initiatives
- CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen
Security Lab
- CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han
- CVE-2016-5201: Info leak in extensions. Credit to Rob Wu
- CVE-2016-5202: Various fixes from internal audits, fuzzing and other
initiatives
- CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
- CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu
- CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
- CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go
- CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu
- CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
- CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
- CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch
and MSVR
- CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
- CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
- CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu
- CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman
Alqabandi
- CVE-2016-5219: Use after free in V8. Credit to Rob Wu
- CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu
- CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker
- CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr
- CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee
- CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak
- CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme
- CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu
- CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek
- CVE-2016-9651: Private property access in V8. Credit to Guang Gong
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other
initiatives
- Certificate validity is now independent of the browser build date
(closes: #844631).
- No longer supports gyp build system, so update to use gn instead.
-- Michael Gilbert <email address hidden> Sun, 11 Dec 2016 04:48:45 +0000