Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1208-1 Final 1 1 2016-05-03T18:23:35Z current 2016-05-03T18:23:35Z 2016-05-03T18:23:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 50.0.2661.94 to fix a number of vulnerabilities (boo#977830): - CVE-2016-1660: Out-of-bounds write in Blink - CVE-2016-1661: Memory corruption in cross-process frames - CVE-2016-1662: Use-after-free in extensions - CVE-2016-1663: Use-after-free in Blink’s V8 bindings - CVE-2016-1664: Address bar spoofing - CVE-2016-1665: Information leak in V8 - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html E-Mail link for openSUSE-SU-2016:1208-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 chromedriver-50.0.2661.94-45.1 chromium-50.0.2661.94-45.1 chromium-desktop-gnome-50.0.2661.94-45.1 chromium-desktop-kde-50.0.2661.94-45.1 chromium-ffmpegsumo-50.0.2661.94-45.1 chromedriver-50.0.2661.94-45.1 as a component of openSUSE Leap 42.1 chromium-50.0.2661.94-45.1 as a component of openSUSE Leap 42.1 chromium-desktop-gnome-50.0.2661.94-45.1 as a component of openSUSE Leap 42.1 chromium-desktop-kde-50.0.2661.94-45.1 as a component of openSUSE Leap 42.1 chromium-ffmpegsumo-50.0.2661.94-45.1 as a component of openSUSE Leap 42.1 Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site. CVE-2016-1660 openSUSE Leap 42.1:chromedriver-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.94-45.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html https://www.suse.com/security/cve/CVE-2016-1660.html CVE-2016-1660 https://bugzilla.suse.com/977830 SUSE Bug 977830 Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. CVE-2016-1661 openSUSE Leap 42.1:chromedriver-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.94-45.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html https://www.suse.com/security/cve/CVE-2016-1661.html CVE-2016-1661 https://bugzilla.suse.com/977830 SUSE Bug 977830 extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. CVE-2016-1662 openSUSE Leap 42.1:chromedriver-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.94-45.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html https://www.suse.com/security/cve/CVE-2016-1662.html CVE-2016-1662 https://bugzilla.suse.com/977830 SUSE Bug 977830 The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. CVE-2016-1663 openSUSE Leap 42.1:chromedriver-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.94-45.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html https://www.suse.com/security/cve/CVE-2016-1663.html CVE-2016-1663 https://bugzilla.suse.com/977830 SUSE Bug 977830 The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site. CVE-2016-1664 openSUSE Leap 42.1:chromedriver-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.94-45.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html https://www.suse.com/security/cve/CVE-2016-1664.html CVE-2016-1664 https://bugzilla.suse.com/977830 SUSE Bug 977830 The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code. CVE-2016-1665 openSUSE Leap 42.1:chromedriver-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.94-45.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html https://www.suse.com/security/cve/CVE-2016-1665.html CVE-2016-1665 https://bugzilla.suse.com/977830 SUSE Bug 977830 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1666 openSUSE Leap 42.1:chromedriver-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.94-45.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.94-45.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html https://www.suse.com/security/cve/CVE-2016-1666.html CVE-2016-1666 https://bugzilla.suse.com/977830 SUSE Bug 977830