Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1304-1 Final 1 1 2016-05-16T07:20:48Z current 2016-05-16T07:20:48Z 2016-05-16T07:20:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 50.0.2661.102 to fix four vulnerabilities (boo#979859): - CVE-2016-1667: Same origin bypass in DOM - CVE-2016-1668: Same origin bypass in Blink V8 bindings - CVE-2016-1669: Buffer overflow in V8 - CVE-2016-1670: Race condition in loader The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html E-Mail link for openSUSE-SU-2016:1304-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 chromedriver-50.0.2661.102-48.1 chromium-50.0.2661.102-48.1 chromium-desktop-gnome-50.0.2661.102-48.1 chromium-desktop-kde-50.0.2661.102-48.1 chromium-ffmpegsumo-50.0.2661.102-48.1 chromedriver-50.0.2661.102-48.1 as a component of openSUSE Leap 42.1 chromium-50.0.2661.102-48.1 as a component of openSUSE Leap 42.1 chromium-desktop-gnome-50.0.2661.102-48.1 as a component of openSUSE Leap 42.1 chromium-desktop-kde-50.0.2661.102-48.1 as a component of openSUSE Leap 42.1 chromium-ffmpegsumo-50.0.2661.102-48.1 as a component of openSUSE Leap 42.1 The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CVE-2016-1667 openSUSE Leap 42.1:chromedriver-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.102-48.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html https://www.suse.com/security/cve/CVE-2016-1667.html CVE-2016-1667 https://bugzilla.suse.com/979859 SUSE Bug 979859 The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CVE-2016-1668 openSUSE Leap 42.1:chromedriver-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.102-48.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html https://www.suse.com/security/cve/CVE-2016-1668.html CVE-2016-1668 https://bugzilla.suse.com/979859 SUSE Bug 979859 The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. CVE-2016-1669 openSUSE Leap 42.1:chromedriver-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.102-48.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html https://www.suse.com/security/cve/CVE-2016-1669.html CVE-2016-1669 https://bugzilla.suse.com/979859 SUSE Bug 979859 https://bugzilla.suse.com/987919 SUSE Bug 987919 Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. CVE-2016-1670 openSUSE Leap 42.1:chromedriver-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-desktop-gnome-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-desktop-kde-50.0.2661.102-48.1 openSUSE Leap 42.1:chromium-ffmpegsumo-50.0.2661.102-48.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html https://www.suse.com/security/cve/CVE-2016-1670.html CVE-2016-1670 https://bugzilla.suse.com/979859 SUSE Bug 979859