Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1655-1 Final 1 1 2016-06-22T09:48:40Z current 2016-06-22T09:48:40Z 2016-06-22T09:48:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 51.0.2704.103 to fix three vulnerabilities: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives (shared identifier) (boo#985397) Includes vulnerability fixes from 50.0.2661.102 (boo#979859): - CVE-2016-1667: Same origin bypass in DOM - CVE-2016-1668: Same origin bypass in Blink V8 bindings - CVE-2016-1669: Buffer overflow in V8 - CVE-2016-1670: Race condition in loader Includes vulnerability fixes from 50.0.2661.94 (boo#977830): - CVE-2016-1660: Out-of-bounds write in Blink - CVE-2016-1661: Memory corruption in cross-process frames - CVE-2016-1662: Use-after-free in extensions - CVE-2016-1663: Use-after-free in Blink’s V8 bindings - CVE-2016-1664: Address bar spoofing - CVE-2016-1665: Information leak in V8 - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html E-Mail link for openSUSE-SU-2016:1655-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings chromedriver-51.0.2704.103-147.1 chromium-51.0.2704.103-147.1 chromium-desktop-gnome-51.0.2704.103-147.1 chromium-desktop-kde-51.0.2704.103-147.1 chromium-ffmpegsumo-51.0.2704.103-147.1 Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site. CVE-2016-1660 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1660.html CVE-2016-1660 https://bugzilla.suse.com/977830 SUSE Bug 977830 Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. CVE-2016-1661 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1661.html CVE-2016-1661 https://bugzilla.suse.com/977830 SUSE Bug 977830 extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. CVE-2016-1662 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1662.html CVE-2016-1662 https://bugzilla.suse.com/977830 SUSE Bug 977830 The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. CVE-2016-1663 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1663.html CVE-2016-1663 https://bugzilla.suse.com/977830 SUSE Bug 977830 The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site. CVE-2016-1664 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1664.html CVE-2016-1664 https://bugzilla.suse.com/977830 SUSE Bug 977830 The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code. CVE-2016-1665 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1665.html CVE-2016-1665 https://bugzilla.suse.com/977830 SUSE Bug 977830 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1666 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1666.html CVE-2016-1666 https://bugzilla.suse.com/977830 SUSE Bug 977830 The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CVE-2016-1667 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1667.html CVE-2016-1667 https://bugzilla.suse.com/979859 SUSE Bug 979859 The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CVE-2016-1668 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1668.html CVE-2016-1668 https://bugzilla.suse.com/979859 SUSE Bug 979859 The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. CVE-2016-1669 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1669.html CVE-2016-1669 https://bugzilla.suse.com/979859 SUSE Bug 979859 https://bugzilla.suse.com/987919 SUSE Bug 987919 Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. CVE-2016-1670 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1670.html CVE-2016-1670 https://bugzilla.suse.com/979859 SUSE Bug 979859 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1704 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html https://www.suse.com/security/cve/CVE-2016-1704.html CVE-2016-1704 https://bugzilla.suse.com/985397 SUSE Bug 985397