chromium-browser (50.0.2661.102-0ubuntu0. xenial-security; 

  * Upstream release 50.0.2661.102:
    - CVE-2016-1667: Same origin bypass in DOM.
    - CVE-2016-1668: Same origin bypass in Blink V8 bindings.
    - CVE-2016-1669: Buffer overflow in V8.
    - CVE-2016-1670: Race condition in loader.
    - CVE-2016-1671: Directory traversal using the file scheme on Android.
  * Upstream release 50.0.2661.94:
    - CVE-2016-1660: Out-of-bounds write in Blink.
    - CVE-2016-1661: Memory corruption in cross-process frames.
    - CVE-2016-1662: Use-after-free in extensions.
    - CVE-2016-1663: Use-after-free in Blink’s V8 bindings.
    - CVE-2016-1664: Address bar spoofing.
    - CVE-2016-1665: Information leak in V8.
    - CVE-2016-1666: Various fixes from internal audits, fuzzing and other
  * Upstream release 50.0.2661.75:
    - CVE-2016-1652: Universal XSS in extension bindings.
    - CVE-2016-1653: Out-of-bounds write in V8.
    - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding.
    - CVE-2016-1654: Uninitialized memory read in media.
    - CVE-2016-1655: Use-after-free related to extensions.
    - CVE-2016-1656: Android downloaded file path restriction bypass.
    - CVE-2016-1657: Address bar spoofing.
    - CVE-2016-1658: Potential leak of sensitive information to malicious
    - CVE-2015-1659: Various fixes from internal audits, fuzzing and other
  * debian/patches/seccomp-allow-set-robust-list: pass through syscall
    set_robust_list. glibc nptl thread creation uses it.
  * debian/rules: use new libsecret way of contacting keyring.
  * debian/patches/blink-platform-export-class: avoid Trusty bug where
    WebKit Platform class vtable not found at link time.
  * debian/apport/ Handle case when crash and no
    chromium directory exists. Still report errors in apport.

Date: 2016-05-13 16:03:13.104391+00:00
Changed-By: Chad Miller <>
Signed-By: Chris Coulson <>
Sorry, changesfile not available.
Xenial-changes mailing list
Modify settings or unsubscribe at:

Reply via email to