### Key Information Summary

#### Vulnerability Overview

- **Release Date**: February 10, 2015
- **Overview**: Multiple security issues were fixed in Oxide.
- **Affected Versions**: 14.10, 14.04 LTS

#### Major Vulnerability Details

- **CVE-2015-1209**: A use-after-free error was discovered in Blink's DOM implementation. If a user is tricked into opening a specific malicious website, an attacker could cause the renderer to crash, leading to a denial of service, or execute arbitrary code with the privileges of the sandboxed renderer process.
- **CVE-2015-1210**: V8 did not properly account for frame access restrictions when throwing exceptions in certain cases. If a user is tricked into opening a specific malicious website, an attacker could bypass same-origin policy restrictions.
- **CVE-2015-1212**: During ServiceWorker registration, Chrome did not properly restrict URI schemes. If a user is tricked into downloading and opening a specific malicious HTML file, an attacker could exploit this vulnerability.

#### Update Instructions

- **General Update**: Typically, standard system updates will include all necessary changes.
- **Recommended Versions**:
  - **14.10 utopic**: liboxideqtcore0 – 1.4.3-0ubuntu0.14.10.1, oxideqt-codecs – 1.4.3-0ubuntu0.14.10.1, oxideqt-codecs-extra – 1.4.3-0ubuntu0.14.10.1
  - **14.04 LTS trusty**: liboxideqtcore0 – 1.4.3-0ubuntu0.14.04.1, oxideqt-codecs – 1.4.3-0ubuntu0.14.04.1, oxideqt-codecs-extra – 1.4.3-0ubuntu0.14.04.1

#### References

- **CVE IDs**: CVE-2015-1212, CVE-2015-1211, CVE-2015-1210, CVE-2015-1209