An unspecified heap-buffer-overflow flaw was found in the expat component of the Chromium browser.
Upstream bug: https://code.google.com/p/chromium/issues/detail?id=492052
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:1499 https://rhn.redhat.com/errata/RHSA-2015-1499.html
This is the same flaw as CVE-2015-2716, as documented in the Mozilla advisory at:
However, in chromium, libxml2 is used to parse XML web content; expat is used as a dependency of libjingle and other associated libraries.
Some more details about this flaw are available at:
Upstream commit (chromium):
Does expat itself need to be patched?
Yes, expat itself needs to be patched/updated to fix CVE-2015-1283.
There's a new 2.1.1 upstream release fixing this exact issue. See: http://expat.sourceforge.net/
List of other distributions fixing this: