Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1489-1 Final 1 1 2016-06-03T05:21:44Z current 2016-06-03T05:21:44Z 2016-06-03T05:21:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 51.0.2704.79 to fix a number of security issues. [boo#982719] - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools - CVE-2016-1700: Use-after-free in Extensions - CVE-2016-1701: Use-after-free in Autofill - CVE-2016-1702: Out-of-bounds read in Skia - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html E-Mail link for openSUSE-SU-2016:1489-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 chromedriver-51.0.2704.79-54.1 chromium-51.0.2704.79-54.1 chromium-desktop-gnome-51.0.2704.79-54.1 chromium-desktop-kde-51.0.2704.79-54.1 chromium-ffmpegsumo-51.0.2704.79-54.1 chromedriver-51.0.2704.79-54.1 as a component of openSUSE Leap 42.1 chromium-51.0.2704.79-54.1 as a component of openSUSE Leap 42.1 chromium-desktop-gnome-51.0.2704.79-54.1 as a component of openSUSE Leap 42.1 chromium-desktop-kde-51.0.2704.79-54.1 as a component of openSUSE Leap 42.1 chromium-ffmpegsumo-51.0.2704.79-54.1 as a component of openSUSE Leap 42.1 The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2016-1696 openSUSE Leap 42.1:chromedriver-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.79-54.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html https://www.suse.com/security/cve/CVE-2016-1696.html CVE-2016-1696 https://bugzilla.suse.com/982719 SUSE Bug 982719 The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. CVE-2016-1697 openSUSE Leap 42.1:chromedriver-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.79-54.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html https://www.suse.com/security/cve/CVE-2016-1697.html CVE-2016-1697 https://bugzilla.suse.com/982719 SUSE Bug 982719 The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. CVE-2016-1698 openSUSE Leap 42.1:chromedriver-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.79-54.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html https://www.suse.com/security/cve/CVE-2016-1698.html CVE-2016-1698 https://bugzilla.suse.com/982719 SUSE Bug 982719 WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. CVE-2016-1699 openSUSE Leap 42.1:chromedriver-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.79-54.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html https://www.suse.com/security/cve/CVE-2016-1699.html CVE-2016-1699 https://bugzilla.suse.com/982719 SUSE Bug 982719 extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions. CVE-2016-1700 openSUSE Leap 42.1:chromedriver-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.79-54.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html https://www.suse.com/security/cve/CVE-2016-1700.html CVE-2016-1700 https://bugzilla.suse.com/982719 SUSE Bug 982719 The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. CVE-2016-1701 openSUSE Leap 42.1:chromedriver-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.79-54.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html https://www.suse.com/security/cve/CVE-2016-1701.html CVE-2016-1701 https://bugzilla.suse.com/982719 SUSE Bug 982719 The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. CVE-2016-1702 openSUSE Leap 42.1:chromedriver-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.79-54.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html https://www.suse.com/security/cve/CVE-2016-1702.html CVE-2016-1702 https://bugzilla.suse.com/982719 SUSE Bug 982719 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1703 openSUSE Leap 42.1:chromedriver-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.79-54.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.79-54.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html https://www.suse.com/security/cve/CVE-2016-1703.html CVE-2016-1703 https://bugzilla.suse.com/982719 SUSE Bug 982719