Package chromium: Information

Binary package: chromium
Version: 57.0.2987.110-alt1
Architecture: x86_64
Build time: Mar 31, 2017, 03:19 PM in the task #181064
Source package: chromium
Category: Networking/WWW
License: BSD-3-Clause and LGPL-2.1+
Summary: An open source web browser developed by Google
Description: 
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all Internet users to experience the web.

Maintainer: Alexey Gladkov

Last changed

March 27, 2017 Alexey Gladkov 57.0.2987.110-alt1
- New version (57.0.2987.110).
- Security fixes:
  - CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka
  - CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang
  - CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - Project Srishti
  - CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek
  - CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB
  - CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado
  - CVE-2017-5036: Use after free in PDFium. Credit to Anonymous
  - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com)
  - CVE-2017-5039: Use after free in PDFium. Credit to jinmo123
  - CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han
  - CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel
  - CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grodum
  - CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy
  - CVE-2017-5038: Use after free in GuestView. Credit to Anonymous
  - CVE-2017-5043: Use after free in GuestView. Credit to Anonymous
  - CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet's FortiGuard Labs
  - CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire)
  - CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa
Feb. 8, 2017 Alexey Gladkov 56.0.2924.87-alt1
- New version (56.0.2924.87).
- Security fixes:
  - CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski
  - CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski
  - CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski
  - CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski
  - CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani
  - CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford
  - CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy (Tresorit)
  - CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
  - CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip
  - CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou
  - CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar
  - CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang (@gnehsoah)
  - CVE-2017-5017: Uninitialised memory access in webm video. Credit to Dan Berman
  - CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu
  - CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu
  - CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu
  - CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to evi1m0#ly.com
  - CVE-2017-5023: Type confusion in metrics. Credit to the UK's National Cyber Security Centre (NCSC)
  - CVE-2017-5024: Heap overflow in FFmpeg. Credit to Paul Mehta
  - CVE-2017-5025: Heap overflow in FFmpeg. Credit to Paul Mehta
  - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
  - CVE-2017-5027: Bypass of Content Security Policy in Blink.
Dec. 8, 2016 Alexey Gladkov 55.0.2883.75-alt1
- New version (55.0.2883.75).
- Security fixes:
  - CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360
  - CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
  - CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
  - CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu (robwu.nl)
  - CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
  - CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
  - CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN
  - CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
  - CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB
  - CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
  - CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
  - CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
  - CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR
  - CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
  - CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
  - CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu (robwu.nl)
  - CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab)
  - CVE-2016-5219: Use after free in V8. Credit to Rob Wu (robwu.nl)
  - CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure
  - CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu (robwu.nl)
  - CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent's Xuanwu Lab
  - CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Zoczek
  - CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee
  - CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk)
  - CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, scotthelme.co.uk)
  - CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak
  - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives