chromium: multiple issues

• CVE-2016-5147 CVE-2016-5148 (cross-site scripting)

Universal XSS in Blink.

• CVE-2016-5149 (script injection)

Script injection in extensions.

• CVE-2016-5150 (arbitrary code execution)

Use after free in Blink.

• CVE-2016-5151 (arbitrary code execution)

Use after free in PDFium.

• CVE-2016-5152 CVE-2016-5154 CVE-2016-5157 CVE-2016-5158 CVE-2016-5159
  (arbitrary code execution)

Heap overflow in PDFium.

• CVE-2016-5153 (arbitrary code execution)

Use after destruction in Blink.

• CVE-2016-5155 CVE-2016-5163 (address bar spoofing)

Address bar spoofing.

• CVE-2016-5156 (arbitrary code execution)

Use after free in event bindings.

• CVE-2016-5160 CVE-2016-5162 (access restriction bypass)

Extensions web accessible resources bypass.

• CVE-2016-5161 (arbitrary code execution)

Type confusion in Blink.

• CVE-2016-5164 (address bar spoofing)

Universal XSS using DevTools.

• CVE-2016-5165 (script injection)

Script injection in DevTools.

• CVE-2016-5166 (smb relay attack)

SMB Relay Attack via Save Page As.

• CVE-2016-5167 (arbitrary code execution)

Various fixes from internal audits, fuzzing and other initiatives.