Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1496-1 Final 1 1 2016-06-05T11:05:06Z current 2016-06-05T11:05:06Z 2016-06-05T11:05:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities: - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools - CVE-2016-1700: Use-after-free in Extensions - CVE-2016-1701: Use-after-free in Autofill - CVE-2016-1702: Out-of-bounds read in Skia - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives Also includes vulnerabilities fixed in 51.0.2704.63 (boo#981886): - CVE-2016-1672: Cross-origin bypass in extension bindings - CVE-2016-1673: Cross-origin bypass in Blink - CVE-2016-1674: Cross-origin bypass in extensions - CVE-2016-1675: Cross-origin bypass in Blink - CVE-2016-1676: Cross-origin bypass in extension bindings - CVE-2016-1677: Type confusion in V8 - CVE-2016-1678: Heap overflow in V8 - CVE-2016-1679: Heap use-after-free in V8 bindings - CVE-2016-1680: Heap use-after-free in Skia - CVE-2016-1681: Heap overflow in PDFium - CVE-2016-1682: CSP bypass for ServiceWorker - CVE-2016-1683: Out-of-bounds access in libxslt - CVE-2016-1684: Integer overflow in libxslt - CVE-2016-1685: Out-of-bounds read in PDFium - CVE-2016-1686: Out-of-bounds read in PDFium - CVE-2016-1687: Information leak in extensions - CVE-2016-1688: Out-of-bounds read in V8 - CVE-2016-1689: Heap buffer overflow in media - CVE-2016-1690: Heap use-after-free in Autofill - CVE-2016-1691: Heap buffer-overflow in Skia - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker - CVE-2016-1693: HTTP Download of Software Removal Tool - CVE-2016-1694: HPKP pins removed on cache clearance - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html E-Mail link for openSUSE-SU-2016:1496-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 chromedriver-51.0.2704.79-105.2 chromedriver-debuginfo-51.0.2704.79-105.2 chromium-51.0.2704.79-105.2 chromium-debuginfo-51.0.2704.79-105.2 chromium-debugsource-51.0.2704.79-105.2 chromium-desktop-gnome-51.0.2704.79-105.2 chromium-desktop-kde-51.0.2704.79-105.2 chromium-ffmpegsumo-51.0.2704.79-105.2 chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 chromedriver-51.0.2704.79-105.2 as a component of openSUSE 13.2 chromedriver-debuginfo-51.0.2704.79-105.2 as a component of openSUSE 13.2 chromium-51.0.2704.79-105.2 as a component of openSUSE 13.2 chromium-debuginfo-51.0.2704.79-105.2 as a component of openSUSE 13.2 chromium-debugsource-51.0.2704.79-105.2 as a component of openSUSE 13.2 chromium-desktop-gnome-51.0.2704.79-105.2 as a component of openSUSE 13.2 chromium-desktop-kde-51.0.2704.79-105.2 as a component of openSUSE 13.2 chromium-ffmpegsumo-51.0.2704.79-105.2 as a component of openSUSE 13.2 chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 as a component of openSUSE 13.2 The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. CVE-2016-1672 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1672.html CVE-2016-1672 https://bugzilla.suse.com/981886 SUSE Bug 981886 Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2016-1673 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1673.html CVE-2016-1673 https://bugzilla.suse.com/981886 SUSE Bug 981886 The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2016-1674 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1674.html CVE-2016-1674 https://bugzilla.suse.com/981886 SUSE Bug 981886 Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp. CVE-2016-1675 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1675.html CVE-2016-1675 https://bugzilla.suse.com/981886 SUSE Bug 981886 extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2016-1676 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1676.html CVE-2016-1676 https://bugzilla.suse.com/981886 SUSE Bug 981886 uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." CVE-2016-1677 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1677.html CVE-2016-1677 https://bugzilla.suse.com/981886 SUSE Bug 981886 objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. CVE-2016-1678 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1678.html CVE-2016-1678 https://bugzilla.suse.com/981886 SUSE Bug 981886 The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. CVE-2016-1679 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1679.html CVE-2016-1679 https://bugzilla.suse.com/981886 SUSE Bug 981886 Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2016-1680 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1680.html CVE-2016-1680 https://bugzilla.suse.com/981886 SUSE Bug 981886 Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. CVE-2016-1681 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1681.html CVE-2016-1681 https://bugzilla.suse.com/981886 SUSE Bug 981886 The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. CVE-2016-1682 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1682.html CVE-2016-1682 https://bugzilla.suse.com/981886 SUSE Bug 981886 numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. CVE-2016-1683 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1683.html CVE-2016-1683 https://bugzilla.suse.com/981886 SUSE Bug 981886 numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. CVE-2016-1684 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1684.html CVE-2016-1684 https://bugzilla.suse.com/981886 SUSE Bug 981886 core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. CVE-2016-1685 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1685.html CVE-2016-1685 https://bugzilla.suse.com/981886 SUSE Bug 981886 The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. CVE-2016-1686 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1686.html CVE-2016-1686 https://bugzilla.suse.com/981886 SUSE Bug 981886 The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions. CVE-2016-1687 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1687.html CVE-2016-1687 https://bugzilla.suse.com/981886 SUSE Bug 981886 The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code. CVE-2016-1688 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1688.html CVE-2016-1688 https://bugzilla.suse.com/981886 SUSE Bug 981886 Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. CVE-2016-1689 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1689.html CVE-2016-1689 https://bugzilla.suse.com/981886 SUSE Bug 981886 The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701. CVE-2016-1690 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1690.html CVE-2016-1690 https://bugzilla.suse.com/981886 SUSE Bug 981886 Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp. CVE-2016-1691 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1691.html CVE-2016-1691 https://bugzilla.suse.com/981886 SUSE Bug 981886 WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CVE-2016-1692 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1692.html CVE-2016-1692 https://bugzilla.suse.com/981886 SUSE Bug 981886 browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. CVE-2016-1693 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1693.html CVE-2016-1693 https://bugzilla.suse.com/981886 SUSE Bug 981886 browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority. CVE-2016-1694 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1694.html CVE-2016-1694 https://bugzilla.suse.com/981886 SUSE Bug 981886 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1695 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1695.html CVE-2016-1695 https://bugzilla.suse.com/981886 SUSE Bug 981886 The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2016-1696 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1696.html CVE-2016-1696 https://bugzilla.suse.com/982719 SUSE Bug 982719 The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. CVE-2016-1697 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1697.html CVE-2016-1697 https://bugzilla.suse.com/982719 SUSE Bug 982719 The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. CVE-2016-1698 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1698.html CVE-2016-1698 https://bugzilla.suse.com/982719 SUSE Bug 982719 WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. CVE-2016-1699 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1699.html CVE-2016-1699 https://bugzilla.suse.com/982719 SUSE Bug 982719 extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions. CVE-2016-1700 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1700.html CVE-2016-1700 https://bugzilla.suse.com/982719 SUSE Bug 982719 The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. CVE-2016-1701 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1701.html CVE-2016-1701 https://bugzilla.suse.com/982719 SUSE Bug 982719 The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. CVE-2016-1702 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1702.html CVE-2016-1702 https://bugzilla.suse.com/982719 SUSE Bug 982719 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1703 openSUSE 13.2:chromedriver-51.0.2704.79-105.2 openSUSE 13.2:chromedriver-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-51.0.2704.79-105.2 openSUSE 13.2:chromium-debuginfo-51.0.2704.79-105.2 openSUSE 13.2:chromium-debugsource-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-gnome-51.0.2704.79-105.2 openSUSE 13.2:chromium-desktop-kde-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-51.0.2704.79-105.2 openSUSE 13.2:chromium-ffmpegsumo-debuginfo-51.0.2704.79-105.2 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://www.suse.com/security/cve/CVE-2016-1703.html CVE-2016-1703 https://bugzilla.suse.com/982719 SUSE Bug 982719