Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1877-1 Final 1 1 2015-05-24T18:43:49Z current 2015-05-24T18:43:49Z 2015-05-24T18:43:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 43.0.2357.65 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2015-1251: Use-after-free in Speech (boo#931659) - CVE-2015-1252: Sandbox escape in Chrome (boo#931671) - CVE-2015-1253: Cross-origin bypass in DOM (boo#931670) - CVE-2015-1254: Cross-origin bypass in Editing (boo#931669) - CVE-2015-1255: Use-after-free in WebAudio (boo#931674) - CVE-2015-1256: Use-after-free in SVG (boo#931664) - CVE-2015-1257: Container-overflow in SVG (boo#931665) - CVE-2015-1258: Negative-size parameter in Libvpx (boo#931666) - CVE-2015-1259: Uninitialized value in PDFium (boo#931667) - CVE-2015-1260: Use-after-free in WebRTC (boo#931668) - CVE-2015-1261: URL bar spoofing (boo#931673) - CVE-2015-1262: Uninitialized value in Blink (boo#931672) - CVE-2015-1263: Insecure download of spellcheck dictionary (boo#931663) - CVE-2015-1264: Cross-site scripting in bookmarks (boo#931661) - CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives (boo#931660) - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html E-Mail link for openSUSE-SU-2015:1877-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings chromedriver-43.0.2357.65-84.1 chromium-43.0.2357.65-84.1 chromium-desktop-gnome-43.0.2357.65-84.1 chromium-desktop-kde-43.0.2357.65-84.1 chromium-ffmpegsumo-43.0.2357.65-84.1 Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. CVE-2015-1251 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1251.html CVE-2015-1251 https://bugzilla.suse.com/931659 SUSE Bug 931659 common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. CVE-2015-1252 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1252.html CVE-2015-1252 https://bugzilla.suse.com/931671 SUSE Bug 931671 core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. CVE-2015-1253 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1253.html CVE-2015-1253 https://bugzilla.suse.com/931670 SUSE Bug 931670 core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. CVE-2015-1254 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1254.html CVE-2015-1254 https://bugzilla.suse.com/931669 SUSE Bug 931669 Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. CVE-2015-1255 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1255.html CVE-2015-1255 https://bugzilla.suse.com/931674 SUSE Bug 931674 Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. CVE-2015-1256 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1256.html CVE-2015-1256 https://bugzilla.suse.com/931664 SUSE Bug 931664 platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. CVE-2015-1257 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1257.html CVE-2015-1257 https://bugzilla.suse.com/931665 SUSE Bug 931665 Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. CVE-2015-1258 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1258.html CVE-2015-1258 https://bugzilla.suse.com/931666 SUSE Bug 931666 PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2015-1259 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1259.html CVE-2015-1259 https://bugzilla.suse.com/931667 SUSE Bug 931667 Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. CVE-2015-1260 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1260.html CVE-2015-1260 https://bugzilla.suse.com/931668 SUSE Bug 931668 android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. CVE-2015-1261 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1261.html CVE-2015-1261 https://bugzilla.suse.com/931673 SUSE Bug 931673 platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. CVE-2015-1262 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1262.html CVE-2015-1262 https://bugzilla.suse.com/931672 SUSE Bug 931672 The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. CVE-2015-1263 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1263.html CVE-2015-1263 https://bugzilla.suse.com/931663 SUSE Bug 931663 Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. CVE-2015-1264 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1264.html CVE-2015-1264 https://bugzilla.suse.com/931661 SUSE Bug 931661 Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2015-1265 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html https://www.suse.com/security/cve/CVE-2015-1265.html CVE-2015-1265 https://bugzilla.suse.com/931660 SUSE Bug 931660