14 DAY TRIAL // The Debian Project has announced earlier that an update is available for the Chromium web browser, promising to patch various security vulnerabilities discovered upstream.
According to Debian Security Advisory DSA-3594-1, the Chromium web browser has been updated to version 51.0.2704.79 for Debian Stable, Debian Testing, and Debian Unstable, patching cross-origin bypass issues discovered in both the Blink and WebKit engines, as well as in the bindings to extensions.
Moreover, it would appear that there was an information leak found by Rob Wu in the Chromium web browser since version 51.0.2704.63 that has been fixed as well, along with two use-after-free issues in the autofill feature and extensions, discovered by the same person.
Lastly, the Developer Tools feature of the Chromium web browser was affected by an issue unveiled by Gregory Panakkal, which has been documented at CVE-2016-1699, and an out-of-bounds read issue plagued the Skia open-source 2D graphics library used by Chromium to draw text, images, and geometries.
All users who use Chromium are urged to update
The issues have been documented in their respective CVEs mentioned in the security advisory. Debian Project recommends all users who are running the open-source Chromium web browser to update it to the latest version available in the main software repositories of their distribution as soon as possible.
The update is already available there, so all you have to do is use your favorite package manager and install it. For those running Chromium on Debian GNU/Linux 8 "Jessie," the security issues mentioned above have been fixed in version 51.0.2704.79-1~deb8u1. On the other hand, Debian Sid (Unstable) users can update to Chromium 51.0.2704.79-1 as well.
Unfortunately, users of Debian GNU/Linux 9 "Stretch" will receive the new release in the next few days. In related news, the Debian Project announced the other day the availability of the Debian GNU/Linux 8.5 "Jessie" and Debian GNU/Linux 7.11 "Wheezy" updates, so if you're using one of these releases, please update it immediately.