OPENSUSE-SU-2017:3245-1
Vulnerability Summary
Description
Security update for chromium

This update to Chromium 63.0.3239.84 fixes the following security issues:

- CVE-2017-5124: UXSS with MHTML
- CVE-2017-5125: Heap overflow in Skia
- CVE-2017-5126: Use after free in PDFium
- CVE-2017-5127: Use after free in PDFium
- CVE-2017-5128: Heap overflow in WebGL
- CVE-2017-5129: Use after free in WebAudio
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly
- CVE-2017-5130: Heap overflow in libxml2
- CVE-2017-5131: Out of bounds write in Skia
- CVE-2017-5133: Out of bounds write in Skia
- CVE-2017-15386: UI spoofing in Blink
- CVE-2017-15387: Content security bypass
- CVE-2017-15388: Out of bounds read in Skia
- CVE-2017-15389: URL spoofing in OmniBox
- CVE-2017-15390: URL spoofing in OmniBox
- CVE-2017-15391: Extension limitation bypass in Extensions
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration
- CVE-2017-15393: Referrer leak in Devtools
- CVE-2017-15394: URL spoofing in extensions UI
- CVE-2017-15395: Null pointer dereference in ImageCapture
- CVE-2017-15396: Stack overflow in V8
- CVE-2017-15398: Stack buffer overflow in QUIC
- CVE-2017-15399: Use after free in V8
- CVE-2017-15408: Heap buffer overflow in PDFium
- CVE-2017-15409: Out of bounds write in Skia
- CVE-2017-15410: Use after free in PDFium
- CVE-2017-15411: Use after free in PDFium
- CVE-2017-15412: Use after free in libXML
- CVE-2017-15413: Type confusion in WebAssembly
- CVE-2017-15415: Pointer information disclosure in IPC call
- CVE-2017-15416: Out of bounds read in Blink
- CVE-2017-15417: Cross origin information disclosure in Skia
- CVE-2017-15418: Use of uninitialized value in Skia
- CVE-2017-15419: Cross origin leak of redirect URL in Blink
- CVE-2017-15420: URL spoofing in Omnibox
- CVE-2017-15422: Integer overflow in ICU
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL
- CVE-2017-15424: URL Spoof in Omnibox
- CVE-2017-15425: URL Spoof in Omnibox
- CVE-2017-15426: URL Spoof in Omnibox
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox

The following tracked bug fixes are included:

- sandbox crash fixes (bsc#1064298)
Affected Systems
- chromium (vendor: suse, distro: SUSE Package Hub 12 SP2): versions < 63.0.3239.84-40.1
References (47)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VA55NOXRJGNNMP5YTJMI3OWZ75GMEMB2/#VA55NOXRJGNNMP5YTJMI3OWZ75GMEMB2
- https://bugzilla.suse.com/1064066
- https://bugzilla.suse.com/1064298
- https://bugzilla.suse.com/1065405
- https://bugzilla.suse.com/1066851
- https://bugzilla.suse.com/1071691
- https://www.suse.com/security/cve/CVE-2017-15386
- https://www.suse.com/security/cve/CVE-2017-15387
- https://www.suse.com/security/cve/CVE-2017-15388
- https://www.suse.com/security/cve/CVE-2017-15389
- https://www.suse.com/security/cve/CVE-2017-15390
- https://www.suse.com/security/cve/CVE-2017-15391
- https://www.suse.com/security/cve/CVE-2017-15392
- https://www.suse.com/security/cve/CVE-2017-15393
- https://www.suse.com/security/cve/CVE-2017-15394
- https://www.suse.com/security/cve/CVE-2017-15395
- https://www.suse.com/security/cve/CVE-2017-15396
- https://www.suse.com/security/cve/CVE-2017-15398
- https://www.suse.com/security/cve/CVE-2017-15399
- https://www.suse.com/security/cve/CVE-2017-15408
- https://www.suse.com/security/cve/CVE-2017-15409
- https://www.suse.com/security/cve/CVE-2017-15410
- https://www.suse.com/security/cve/CVE-2017-15411
- https://www.suse.com/security/cve/CVE-2017-15412
- https://www.suse.com/security/cve/CVE-2017-15413
- https://www.suse.com/security/cve/CVE-2017-15415
- https://www.suse.com/security/cve/CVE-2017-15416
- https://www.suse.com/security/cve/CVE-2017-15417
- https://www.suse.com/security/cve/CVE-2017-15418
- https://www.suse.com/security/cve/CVE-2017-15419
- https://www.suse.com/security/cve/CVE-2017-15420
- https://www.suse.com/security/cve/CVE-2017-15422
- https://www.suse.com/security/cve/CVE-2017-15423
- https://www.suse.com/security/cve/CVE-2017-15424
- https://www.suse.com/security/cve/CVE-2017-15425
- https://www.suse.com/security/cve/CVE-2017-15426
- https://www.suse.com/security/cve/CVE-2017-15427
- https://www.suse.com/security/cve/CVE-2017-5124
- https://www.suse.com/security/cve/CVE-2017-5125
- https://www.suse.com/security/cve/CVE-2017-5126
- https://www.suse.com/security/cve/CVE-2017-5127
- https://www.suse.com/security/cve/CVE-2017-5128
- https://www.suse.com/security/cve/CVE-2017-5129
- https://www.suse.com/security/cve/CVE-2017-5130
- https://www.suse.com/security/cve/CVE-2017-5131
- https://www.suse.com/security/cve/CVE-2017-5132
- https://www.suse.com/security/cve/CVE-2017-5133