Security update of chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0565-1 Final 1 1 2017-02-18T10:40:17Z current 2017-02-18T10:40:17Z 2017-02-18T10:40:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update of chromium Google chromium was updated to 56.0.2924.87: * Various small fixes * Disabled option to enable/disable plugins in the chrome://plugins - Changed the build requirement of libavformat to library version 57.41.100, as included in ffmpeg 3.1.1, as only this version properly supports the public AVStream API 'codecpar'. It also contains the version update to 56.0.2924.76 (bsc#1022049): - CVE-2017-5007: Universal XSS in Blink - CVE-2017-5006: Universal XSS in Blink - CVE-2017-5008: Universal XSS in Blink - CVE-2017-5010: Universal XSS in Blink - CVE-2017-5011: Unauthorised file access in Devtools - CVE-2017-5009: Out of bounds memory access in WebRTC - CVE-2017-5012: Heap overflow in V8 - CVE-2017-5013: Address spoofing in Omnibox - CVE-2017-5014: Heap overflow in Skia - CVE-2017-5015: Address spoofing in Omnibox - CVE-2017-5019: Use after free in Renderer - CVE-2017-5016: UI spoofing in Blink - CVE-2017-5017: Uninitialised memory access in webm video - CVE-2017-5018: Universal XSS in chrome://apps - CVE-2017-5020: Universal XSS in chrome://downloads - CVE-2017-5021: Use after free in Extensions - CVE-2017-5022: Bypass of Content Security Policy in Blink - CVE-2017-5023: Type confusion in metrics - CVE-2017-5024: Heap overflow in FFmpeg - CVE-2017-5025: Heap overflow in FFmpeg - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing - Enable VAAPI hardware accelerated video decoding. - Chromium 55.0.2883.87: * various fixes for crashes and specific wesites * update Google pinned certificates The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-272 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z E-Mail link for openSUSE-SU-2017:0565-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1022049 SUSE Bug 1022049 https://www.suse.com/security/cve/CVE-2017-5006/ SUSE CVE CVE-2017-5006 page https://www.suse.com/security/cve/CVE-2017-5007/ SUSE CVE CVE-2017-5007 page https://www.suse.com/security/cve/CVE-2017-5008/ SUSE CVE CVE-2017-5008 page https://www.suse.com/security/cve/CVE-2017-5009/ SUSE CVE CVE-2017-5009 page https://www.suse.com/security/cve/CVE-2017-5010/ SUSE CVE CVE-2017-5010 page https://www.suse.com/security/cve/CVE-2017-5011/ SUSE CVE CVE-2017-5011 page https://www.suse.com/security/cve/CVE-2017-5012/ SUSE CVE CVE-2017-5012 page https://www.suse.com/security/cve/CVE-2017-5013/ SUSE CVE CVE-2017-5013 page https://www.suse.com/security/cve/CVE-2017-5014/ SUSE CVE CVE-2017-5014 page https://www.suse.com/security/cve/CVE-2017-5015/ SUSE CVE CVE-2017-5015 page https://www.suse.com/security/cve/CVE-2017-5016/ SUSE CVE CVE-2017-5016 page https://www.suse.com/security/cve/CVE-2017-5017/ SUSE CVE CVE-2017-5017 page https://www.suse.com/security/cve/CVE-2017-5018/ SUSE CVE CVE-2017-5018 page https://www.suse.com/security/cve/CVE-2017-5019/ SUSE CVE CVE-2017-5019 page https://www.suse.com/security/cve/CVE-2017-5020/ SUSE CVE CVE-2017-5020 page https://www.suse.com/security/cve/CVE-2017-5021/ SUSE CVE CVE-2017-5021 page https://www.suse.com/security/cve/CVE-2017-5022/ SUSE CVE CVE-2017-5022 page https://www.suse.com/security/cve/CVE-2017-5023/ SUSE CVE CVE-2017-5023 page https://www.suse.com/security/cve/CVE-2017-5024/ SUSE CVE CVE-2017-5024 page https://www.suse.com/security/cve/CVE-2017-5025/ SUSE CVE CVE-2017-5025 page https://www.suse.com/security/cve/CVE-2017-5026/ SUSE CVE CVE-2017-5026 page SUSE Package Hub 12 SP2 chromedriver-56.0.2924.87-5.1 chromium-56.0.2924.87-5.1 chromedriver-56.0.2924.87-5.1 as a component of SUSE Package Hub 12 SP2 chromium-56.0.2924.87-5.1 as a component of SUSE Package Hub 12 SP2 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-5006 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5006.html CVE-2017-5006 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-5007 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5007.html CVE-2017-5007 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-5008 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5008.html CVE-2017-5008 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5009 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5009.html CVE-2017-5009 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-5010 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5010.html CVE-2017-5010 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page. CVE-2017-5011 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5011.html CVE-2017-5011 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5012 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5012.html CVE-2017-5012 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2017-5013 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5013.html CVE-2017-5013 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5014 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5014.html CVE-2017-5014 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-5015 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5015.html CVE-2017-5015 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page. CVE-2017-5016 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5016.html CVE-2017-5016 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. CVE-2017-5017 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5017.html CVE-2017-5017 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2017-5018 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5018.html CVE-2017-5018 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5019 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5019.html CVE-2017-5019 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. CVE-2017-5020 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5020.html CVE-2017-5020 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5021 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5021.html CVE-2017-5021 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2017-5022 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5022.html CVE-2017-5022 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. CVE-2017-5023 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5023.html CVE-2017-5023 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVE-2017-5024 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5024.html CVE-2017-5024 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVE-2017-5025 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5025.html CVE-2017-5025 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. CVE-2017-5026 SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1 SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z https://www.suse.com/security/cve/CVE-2017-5026.html CVE-2017-5026 https://bugzilla.suse.com/1022049 SUSE Bug 1022049