Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:3108-1 Final 1 1 2016-12-13T08:20:22Z current 2016-12-13T08:20:22Z 2016-12-13T08:20:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update to Chromium 55.0.2883.75 fixes the following vulnerabilities: - CVE-2016-9651: Private property access in V8 - CVE-2016-5208: Universal XSS in Blink - CVE-2016-5207: Universal XSS in Blink - CVE-2016-5206: Same-origin bypass in PDFium - CVE-2016-5205: Universal XSS in Blink - CVE-2016-5204: Universal XSS in Blink - CVE-2016-5209: Out of bounds write in Blink - CVE-2016-5203: Use after free in PDFium - CVE-2016-5210: Out of bounds write in PDFium - CVE-2016-5212: Local file disclosure in DevTools - CVE-2016-5211: Use after free in PDFium - CVE-2016-5213: Use after free in V8 - CVE-2016-5214: File download protection bypass - CVE-2016-5216: Use after free in PDFium - CVE-2016-5215: Use after free in Webaudio - CVE-2016-5217: Use of unvalidated data in PDFium - CVE-2016-5218: Address spoofing in Omnibox - CVE-2016-5219: Use after free in V8 - CVE-2016-5221: Integer overflow in ANGLE - CVE-2016-5220: Local file access in PDFium - CVE-2016-5222: Address spoofing in Omnibox - CVE-2016-9650: CSP Referrer disclosure - CVE-2016-5223: Integer overflow in PDFium - CVE-2016-5226: Limited XSS in Blink - CVE-2016-5225: CSP bypass in Blink - CVE-2016-5224: Same-origin bypass in SVG - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives The default bookmarks override was removed. The following packaging changes are included: - Switch to system libraries: harfbuzz, zlib, ffmpeg, where available. - Chromium now requires harfbuzz >= 1.3.0 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html E-Mail link for openSUSE-SU-2016:3108-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 chromedriver-55.0.2883.75-99.2 chromium-55.0.2883.75-99.2 chromedriver-55.0.2883.75-99.2 as a component of openSUSE Leap 42.1 chromium-55.0.2883.75-99.2 as a component of openSUSE Leap 42.1 chromedriver-55.0.2883.75-99.2 as a component of openSUSE Leap 42.2 chromium-55.0.2883.75-99.2 as a component of openSUSE Leap 42.2 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2016-5203 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5203.html CVE-2016-5203 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2016-5204 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5204.html CVE-2016-5204 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2016-5205 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5205.html CVE-2016-5205 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. CVE-2016-5206 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5206.html CVE-2016-5206 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. CVE-2016-5207 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5207.html CVE-2016-5207 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2016-5208 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5208.html CVE-2016-5208 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2016-5209 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5209.html CVE-2016-5209 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2016-5210 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5210.html CVE-2016-5210 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2016-5211 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5211.html CVE-2016-5211 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page. CVE-2016-5212 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5212.html CVE-2016-5212 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2016-5213 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5213.html CVE-2016-5213 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. CVE-2016-5214 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5214.html CVE-2016-5214 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2016-5215 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5215.html CVE-2016-5215 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. CVE-2016-5216 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5216.html CVE-2016-5216 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2016-5217 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5217.html CVE-2016-5217 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data. CVE-2016-5218 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5218.html CVE-2016-5218 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2016-5219 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5219.html CVE-2016-5219 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 https://bugzilla.suse.com/1013274 SUSE Bug 1013274 PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file. CVE-2016-5220 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5220.html CVE-2016-5220 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. CVE-2016-5221 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5221.html CVE-2016-5221 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2016-5222 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5222.html CVE-2016-5222 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file. CVE-2016-5223 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5223.html CVE-2016-5223 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. CVE-2016-5224 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5224.html CVE-2016-5224 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. CVE-2016-5225 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5225.html CVE-2016-5225 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. CVE-2016-5226 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-5226.html CVE-2016-5226 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. CVE-2016-9650 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-9650.html CVE-2016-9650 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2016-9651 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-9651.html CVE-2016-9651 https://bugzilla.suse.com/1013236 SUSE Bug 1013236 Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. CVE-2016-9652 openSUSE Leap 42.1:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.1:chromium-55.0.2883.75-99.2 openSUSE Leap 42.2:chromedriver-55.0.2883.75-99.2 openSUSE Leap 42.2:chromium-55.0.2883.75-99.2 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html https://www.suse.com/security/cve/CVE-2016-9652.html CVE-2016-9652 https://bugzilla.suse.com/1013236 SUSE Bug 1013236