Chromium: Multiple vulnerabilities — GLSA 201506-04

Multiple vulnerabilities have been fixed in Chromium, the worst of which can cause arbitrary remote code execution.

Affected Packages

www-client/chromium on all architectures
Affected versions < 43.0.2357.65
Unaffected versions >= 43.0.2357.65

Background

Chromium is an open-source web browser project.

Description

Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker can cause arbitrary remote code execution, Denial of Service or bypass of security mechanisms.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=www-client/chromium-43.0.2357.65"
 

References

Release Date
June 23, 2015

Latest Revision
June 23, 2015: 1

Severity
normal

Exploitable
remote

Bugzilla entries