Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0491-1 Final 1 1 2016-02-17T07:06:34Z current 2016-02-17T07:06:34Z 2016-02-17T07:06:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update to Chromium 48.0.2564.109 fixes the following issues: Security fixes (boo#965999): - CVE-2016-1622: Same-origin bypass in Extensions - CVE-2016-1623: Same-origin bypass in DOM - CVE-2016-1624: Buffer overflow in Brotli - CVE-2016-1625: Navigation bypass in Chrome Instant - CVE-2016-1626: Out-of-bounds read in PDFium - CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives Non-security bug fixes: - boo#965738: resolve issues with specific banking websites when built against system libraries - boo#966082: chromium: sandbox related stacktrace printed - boo#965566: Drop libva support - Prevent graphical issues related to libjpeg - On KDE 5 kwallet5 is the default password store now The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html E-Mail link for openSUSE-SU-2016:0491-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 chromedriver-48.0.2564.109-21.1 chromium-48.0.2564.109-21.1 chromium-desktop-gnome-48.0.2564.109-21.1 chromium-desktop-kde-48.0.2564.109-21.1 chromium-ffmpegsumo-48.0.2564.109-21.1 chromedriver-48.0.2564.109-21.1 as a component of openSUSE Leap 42.1 chromium-48.0.2564.109-21.1 as a component of openSUSE Leap 42.1 chromium-desktop-gnome-48.0.2564.109-21.1 as a component of openSUSE Leap 42.1 chromium-desktop-kde-48.0.2564.109-21.1 as a component of openSUSE Leap 42.1 chromium-ffmpegsumo-48.0.2564.109-21.1 as a component of openSUSE Leap 42.1 The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. CVE-2016-1622 openSUSE Leap 42.1:chromedriver-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-gnome-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-kde-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-ffmpegsumo-48.0.2564.109-21.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html https://www.suse.com/security/cve/CVE-2016-1622.html CVE-2016-1622 https://bugzilla.suse.com/965999 SUSE Bug 965999 The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp. CVE-2016-1623 openSUSE Leap 42.1:chromedriver-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-gnome-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-kde-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-ffmpegsumo-48.0.2564.109-21.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html https://www.suse.com/security/cve/CVE-2016-1623.html CVE-2016-1623 https://bugzilla.suse.com/965999 SUSE Bug 965999 Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression. CVE-2016-1624 openSUSE Leap 42.1:chromedriver-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-gnome-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-kde-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-ffmpegsumo-48.0.2564.109-21.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html https://www.suse.com/security/cve/CVE-2016-1624.html CVE-2016-1624 https://bugzilla.suse.com/965999 SUSE Bug 965999 The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc. CVE-2016-1625 openSUSE Leap 42.1:chromedriver-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-gnome-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-kde-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-ffmpegsumo-48.0.2564.109-21.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html https://www.suse.com/security/cve/CVE-2016-1625.html CVE-2016-1625 https://bugzilla.suse.com/965999 SUSE Bug 965999 The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. CVE-2016-1626 openSUSE Leap 42.1:chromedriver-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-gnome-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-kde-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-ffmpegsumo-48.0.2564.109-21.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html https://www.suse.com/security/cve/CVE-2016-1626.html CVE-2016-1626 https://bugzilla.suse.com/965999 SUSE Bug 965999 The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. CVE-2016-1627 openSUSE Leap 42.1:chromedriver-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-gnome-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-desktop-kde-48.0.2564.109-21.1 openSUSE Leap 42.1:chromium-ffmpegsumo-48.0.2564.109-21.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html https://www.suse.com/security/cve/CVE-2016-1627.html CVE-2016-1627 https://bugzilla.suse.com/965999 SUSE Bug 965999