Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0359-1 Final 1 1 2018-02-04T12:25:16Z current 2018-02-04T12:25:16Z 2018-02-04T12:25:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium to version 64.0.3282.140 fixes the following security issues: - CVE-2018-6406: Various asan fixes (boo#1078463, boo#1079021) The regular expression library re2 was updated to 2018-02-01. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2018-128 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1078463 SUSE Bug 1078463 https://bugzilla.suse.com/1079021 SUSE Bug 1079021 https://www.suse.com/security/cve/CVE-2018-6406/ SUSE CVE CVE-2018-6406 page SUSE Package Hub 12 SUSE Package Hub 12 SP2 chromedriver-64.0.3282.140-49.1 chromium-64.0.3282.140-49.1 libre2-0-20180201-8.1 re2-devel-20180201-8.1 chromedriver-64.0.3282.140-49.1 as a component of SUSE Package Hub 12 chromium-64.0.3282.140-49.1 as a component of SUSE Package Hub 12 libre2-0-20180201-8.1 as a component of SUSE Package Hub 12 re2-devel-20180201-8.1 as a component of SUSE Package Hub 12 chromedriver-64.0.3282.140-49.1 as a component of SUSE Package Hub 12 SP2 chromium-64.0.3282.140-49.1 as a component of SUSE Package Hub 12 SP2 libre2-0-20180201-8.1 as a component of SUSE Package Hub 12 SP2 re2-devel-20180201-8.1 as a component of SUSE Package Hub 12 SP2 The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. CVE-2018-6406 SUSE Package Hub 12 SP2:chromedriver-64.0.3282.140-49.1 SUSE Package Hub 12 SP2:chromium-64.0.3282.140-49.1 SUSE Package Hub 12 SP2:libre2-0-20180201-8.1 SUSE Package Hub 12 SP2:re2-devel-20180201-8.1 SUSE Package Hub 12:chromedriver-64.0.3282.140-49.1 SUSE Package Hub 12:chromium-64.0.3282.140-49.1 SUSE Package Hub 12:libre2-0-20180201-8.1 SUSE Package Hub 12:re2-devel-20180201-8.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6406.html CVE-2018-6406 https://bugzilla.suse.com/1078463 SUSE Bug 1078463