Debian Security Advisory DSA 3486-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-1622 It was discovered that a maliciously crafted extension could bypass the Same Origin Policy. CVE-2016-1623 Mariusz Mlynski discovered a way to bypass the Same Origin Policy. CVE-2016-1624 lukezli discovered a buffer overflow issue in the Brotli library. CVE-2016-1625 Jann Horn discovered a way to cause the Chrome Instant feature to navigate to unintended destinations. CVE-2016-1626 An out-of-bounds read issue was discovered in the openjpeg library. CVE-2016-1627 It was discovered that the Developer Tools did not validate URLs. CVE-2016-1628 An out-of-bounds read issue was discovered in the pdfium library. CVE-2016-1629 A way to bypass the Same Origin Policy was discovered in Blink/WebKit, along with a way to escape the chromium sandbox.

chromium-browser on Debian Linux

This check tests the installed software version using the apt package manager.

For the stable distribution (jessie), these problems have been fixed in version 48.0.2564.116-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 48.0.2564.116-1. We recommend that you upgrade your chromium-browser packages.