Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2557-1 Final 1 1 2017-09-23T06:52:44Z current 2017-09-23T06:52:44Z 2017-09-23T06:52:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update to Chromium 61.0.3163.100 fixes the following vulnerabilities: - CVE-2017-5121: Out-of-bounds access in V8 - CVE-2017-5122: Out-of-bounds access in V8 - Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-1085 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1060019 SUSE Bug 1060019 https://www.suse.com/security/cve/CVE-2017-5121/ SUSE CVE CVE-2017-5121 page https://www.suse.com/security/cve/CVE-2017-5122/ SUSE CVE CVE-2017-5122 page SUSE Package Hub 12 SP2 chromedriver-61.0.3163.100-32.1 chromium-61.0.3163.100-32.1 chromedriver-61.0.3163.100-32.1 as a component of SUSE Package Hub 12 SP2 chromium-61.0.3163.100-32.1 as a component of SUSE Package Hub 12 SP2 Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. CVE-2017-5121 SUSE Package Hub 12 SP2:chromedriver-61.0.3163.100-32.1 SUSE Package Hub 12 SP2:chromium-61.0.3163.100-32.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5121.html CVE-2017-5121 https://bugzilla.suse.com/1060019 SUSE Bug 1060019 https://bugzilla.suse.com/1060020 SUSE Bug 1060020 Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. CVE-2017-5122 SUSE Package Hub 12 SP2:chromedriver-61.0.3163.100-32.1 SUSE Package Hub 12 SP2:chromium-61.0.3163.100-32.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5122.html CVE-2017-5122 https://bugzilla.suse.com/1060019 SUSE Bug 1060019 https://bugzilla.suse.com/1060020 SUSE Bug 1060020