Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1275-1 Final 1 1 2018-05-12T18:32:22Z current 2018-05-12T18:32:22Z 2018-05-12T18:32:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update for Chromium to version 66.0.3359.170 fixes the following issues: Security issues fixed (boo#1092923): - CVE-2018-6121: Privilege Escalation in extensions - CVE-2018-6122: Type confusion in V8 - CVE-2018-6120: Heap buffer overflow in PDFium - Various fixes from internal audits, fuzzing and other initiatives The following bugs are fixed: - boo#1092272: Improved support for subpixel rending The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00075.html E-Mail link for openSUSE-SU-2018:1275-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 chromedriver-66.0.3359.170-158.1 chromium-66.0.3359.170-158.1 chromedriver-66.0.3359.170-158.1 as a component of openSUSE Leap 42.3 chromium-66.0.3359.170-158.1 as a component of openSUSE Leap 42.3 An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. CVE-2018-6120 openSUSE Leap 42.3:chromedriver-66.0.3359.170-158.1 openSUSE Leap 42.3:chromium-66.0.3359.170-158.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00075.html https://www.suse.com/security/cve/CVE-2018-6120.html CVE-2018-6120 https://bugzilla.suse.com/1092923 SUSE Bug 1092923 Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. CVE-2018-6121 openSUSE Leap 42.3:chromedriver-66.0.3359.170-158.1 openSUSE Leap 42.3:chromium-66.0.3359.170-158.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00075.html https://www.suse.com/security/cve/CVE-2018-6121.html CVE-2018-6121 https://bugzilla.suse.com/1092923 SUSE Bug 1092923 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6122 openSUSE Leap 42.3:chromedriver-66.0.3359.170-158.1 openSUSE Leap 42.3:chromium-66.0.3359.170-158.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-05/msg00075.html https://www.suse.com/security/cve/CVE-2018-6122.html CVE-2018-6122 https://bugzilla.suse.com/1092923 SUSE Bug 1092923