An unspecified heap-buffer-overflow flaw was found in the expat component of the Chromium browser. Upstream bug: https://code.google.com/p/chromium/issues/detail?id=492052 External References: http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6, via RHSA-2015:1499 https://rhn.redhat.com/errata/RHSA-2015-1499.html
This is the same flaw as CVE-2015-2716, as documented in the Mozilla advisory at: https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/ However, in chromium, libxml2 is used to parse XML web content; expat is used as a dependency of libjingle and other associated libraries. Some more details about this flaw are available at: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-2716
Upstream commit (chromium): https://chromium.googlesource.com/chromium/src.git/+/33f223ef93963e0efd0360445b28ce630f59bdc5
Does expat itself need to be patched?
Yes, expat itself needs to be patched/updated to fix CVE-2015-1283. There's a new 2.1.1 upstream release fixing this exact issue. See: http://expat.sourceforge.net/ List of other distributions fixing this: http://lwn.net/Vulnerabilities/681391/