Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1867-1 Final 1 1 2015-10-16T22:28:29Z current 2015-10-16T22:28:29Z 2015-10-16T22:28:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was update do the stable release 46.0.2490.71 to fix security issues. The following vulnerabilities were fixed: * CVE-2015-6755: Cross-origin bypass in Blink * CVE-2015-6756: Use-after-free in PDFium * CVE-2015-6757: Use-after-free in ServiceWorker * CVE-2015-6758: Bad-cast in PDFium * CVE-2015-6759: Information leakage in LocalStorage * CVE-2015-6760: Improper error handling in libANGLE * CVE-2015-6761: Memory corruption in FFMpeg * CVE-2015-6762: CORS bypass via CSS fonts * CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives. * CVE-2015-7834: Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html E-Mail link for openSUSE-SU-2015:1867-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings chromedriver-46.0.2490.71-109.1 chromium-46.0.2490.71-109.1 chromium-desktop-gnome-46.0.2490.71-109.1 chromium-desktop-kde-46.0.2490.71-109.1 chromium-ffmpegsumo-46.0.2490.71-109.1 The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. CVE-2015-6755 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6755.html CVE-2015-6755 https://bugzilla.suse.com/950290 SUSE Bug 950290 Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document. CVE-2015-6756 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6756.html CVE-2015-6756 https://bugzilla.suse.com/950290 SUSE Bug 950290 Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback. CVE-2015-6757 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6757.html CVE-2015-6757 https://bugzilla.suse.com/950290 SUSE Bug 950290 The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. CVE-2015-6758 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6758.html CVE-2015-6758 https://bugzilla.suse.com/950290 SUSE Bug 950290 The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL. CVE-2015-6759 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6759.html CVE-2015-6759 https://bugzilla.suse.com/950290 SUSE Bug 950290 The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. CVE-2015-6760 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6760.html CVE-2015-6760 https://bugzilla.suse.com/950290 SUSE Bug 950290 The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. CVE-2015-6761 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6761.html CVE-2015-6761 https://bugzilla.suse.com/950290 SUSE Bug 950290 The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect. CVE-2015-6762 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6762.html CVE-2015-6762 https://bugzilla.suse.com/950290 SUSE Bug 950290 Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2015-6763 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6763.html CVE-2015-6763 https://bugzilla.suse.com/950290 SUSE Bug 950290 The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code. CVE-2015-6764 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-6764.html CVE-2015-6764 https://bugzilla.suse.com/956902 SUSE Bug 956902 https://bugzilla.suse.com/957519 SUSE Bug 957519 Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2015-7834 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00007.html https://www.suse.com/security/cve/CVE-2015-7834.html CVE-2015-7834 https://bugzilla.suse.com/950290 SUSE Bug 950290