Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0740-1 Final 1 1 2017-03-17T20:07:47Z current 2017-03-17T20:07:47Z 2017-03-17T20:07:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 57.0.2987.98 to fix security issues and bugs. The following vulnerabilities were fixed (bsc#1028848): - CVE-2017-5030: Memory corruption in V8 - CVE-2017-5031: Use after free in ANGLE - CVE-2017-5032: Out of bounds write in PDFium - CVE-2017-5029: Integer overflow in libxslt - CVE-2017-5034: Use after free in PDFium - CVE-2017-5035: Incorrect security UI in Omnibox - CVE-2017-5036: Use after free in PDFium - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer - CVE-2017-5039: Use after free in PDFium - CVE-2017-5040: Information disclosure in V8 - CVE-2017-5041: Address spoofing in Omnibox - CVE-2017-5033: Bypass of Content Security Policy in Blink - CVE-2017-5042: Incorrect handling of cookies in Cast - CVE-2017-5038: Use after free in GuestView - CVE-2017-5043: Use after free in GuestView - CVE-2017-5044: Heap overflow in Skia - CVE-2017-5045: Information disclosure in XSS Auditor - CVE-2017-5046: Information disclosure in Blink The following non-security changes are included: - Address broken rendering on non-intel cards The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-353 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 E-Mail link for openSUSE-SU-2017:0740-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://www.suse.com/security/cve/CVE-2017-5029/ SUSE CVE CVE-2017-5029 page https://www.suse.com/security/cve/CVE-2017-5030/ SUSE CVE CVE-2017-5030 page https://www.suse.com/security/cve/CVE-2017-5031/ SUSE CVE CVE-2017-5031 page https://www.suse.com/security/cve/CVE-2017-5032/ SUSE CVE CVE-2017-5032 page https://www.suse.com/security/cve/CVE-2017-5033/ SUSE CVE CVE-2017-5033 page https://www.suse.com/security/cve/CVE-2017-5034/ SUSE CVE CVE-2017-5034 page https://www.suse.com/security/cve/CVE-2017-5035/ SUSE CVE CVE-2017-5035 page https://www.suse.com/security/cve/CVE-2017-5036/ SUSE CVE CVE-2017-5036 page https://www.suse.com/security/cve/CVE-2017-5037/ SUSE CVE CVE-2017-5037 page https://www.suse.com/security/cve/CVE-2017-5038/ SUSE CVE CVE-2017-5038 page https://www.suse.com/security/cve/CVE-2017-5039/ SUSE CVE CVE-2017-5039 page https://www.suse.com/security/cve/CVE-2017-5040/ SUSE CVE CVE-2017-5040 page https://www.suse.com/security/cve/CVE-2017-5041/ SUSE CVE CVE-2017-5041 page https://www.suse.com/security/cve/CVE-2017-5042/ SUSE CVE CVE-2017-5042 page https://www.suse.com/security/cve/CVE-2017-5043/ SUSE CVE CVE-2017-5043 page https://www.suse.com/security/cve/CVE-2017-5044/ SUSE CVE CVE-2017-5044 page https://www.suse.com/security/cve/CVE-2017-5045/ SUSE CVE CVE-2017-5045 page https://www.suse.com/security/cve/CVE-2017-5046/ SUSE CVE CVE-2017-5046 page SUSE Package Hub 12 SP2 chromedriver-57.0.2987.98-8.1 chromium-57.0.2987.98-8.1 chromedriver-57.0.2987.98-8.1 as a component of SUSE Package Hub 12 SP2 chromium-57.0.2987.98-8.1 as a component of SUSE Package Hub 12 SP2 The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2017-5029 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 low 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5029.html CVE-2017-5029 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 https://bugzilla.suse.com/1035905 SUSE Bug 1035905 https://bugzilla.suse.com/1123130 SUSE Bug 1123130 Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2017-5030 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5030.html CVE-2017-5030 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5031 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5031.html CVE-2017-5031 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2017-5032 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5032.html CVE-2017-5032 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. CVE-2017-5033 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5033.html CVE-2017-5033 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. CVE-2017-5034 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5034.html CVE-2017-5034 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. CVE-2017-5035 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5035.html CVE-2017-5035 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file. CVE-2017-5036 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5036.html CVE-2017-5036 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. CVE-2017-5037 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5037.html CVE-2017-5037 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. CVE-2017-5038 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5038.html CVE-2017-5038 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2017-5039 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5039.html CVE-2017-5039 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page. CVE-2017-5040 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5040.html CVE-2017-5040 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. CVE-2017-5041 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5041.html CVE-2017-5041 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent. CVE-2017-5042 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 moderate 3.3 AV:A/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5042.html CVE-2017-5042 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. CVE-2017-5043 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5043.html CVE-2017-5043 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5044 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5044.html CVE-2017-5044 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page. CVE-2017-5045 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5045.html CVE-2017-5045 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure. CVE-2017-5046 SUSE Package Hub 12 SP2:chromedriver-57.0.2987.98-8.1 SUSE Package Hub 12 SP2:chromium-57.0.2987.98-8.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4/#2PWEOYPGN6NS2GPOOLH27ZPXQ7KSRFP4 https://www.suse.com/security/cve/CVE-2017-5046.html CVE-2017-5046 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875