Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2152-1 Final 1 1 2019-09-19T05:36:39Z current 2019-09-19T05:36:39Z 2019-09-19T05:36:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium to 77.0.3865.75 fixes the following issues: Security issues fixed: - CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425) - CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425) - CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425) - CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425) - CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425) - CVE-2019-5876: Fixed a use-after-free in media (boo#1150425) - CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425) - CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425) - CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425) - CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425) - CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425) - CVE-2019-13659: Fixed an URL spoof. (boo#1150425) - CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425) - CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425) - CVE-2019-13662: Fixed a CSP bypass. (boo#1150425) - CVE-2019-13663: Fixed an IDN spoof. (boo#1150425) - CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425) - CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425) - CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425) - CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425) - CVE-2019-13668: Fixed a global window leak via console. (boo#1150425) - CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425) - CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425) - CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425) - CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425) - CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425) - CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425) - CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425) - CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425) - CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425) - CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425) - CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425) - CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425) - CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425) - CVE-2019-13683: Fixed an exceptions leaked by devtools. (boo#1150425) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2152 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE E-Mail link for openSUSE-SU-2019:2152-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1150425 SUSE Bug 1150425 https://www.suse.com/security/cve/CVE-2019-13659/ SUSE CVE CVE-2019-13659 page https://www.suse.com/security/cve/CVE-2019-13660/ SUSE CVE CVE-2019-13660 page https://www.suse.com/security/cve/CVE-2019-13661/ SUSE CVE CVE-2019-13661 page https://www.suse.com/security/cve/CVE-2019-13662/ SUSE CVE CVE-2019-13662 page https://www.suse.com/security/cve/CVE-2019-13663/ SUSE CVE CVE-2019-13663 page https://www.suse.com/security/cve/CVE-2019-13664/ SUSE CVE CVE-2019-13664 page https://www.suse.com/security/cve/CVE-2019-13665/ SUSE CVE CVE-2019-13665 page https://www.suse.com/security/cve/CVE-2019-13666/ SUSE CVE CVE-2019-13666 page https://www.suse.com/security/cve/CVE-2019-13667/ SUSE CVE CVE-2019-13667 page https://www.suse.com/security/cve/CVE-2019-13668/ SUSE CVE CVE-2019-13668 page https://www.suse.com/security/cve/CVE-2019-13669/ SUSE CVE CVE-2019-13669 page https://www.suse.com/security/cve/CVE-2019-13670/ SUSE CVE CVE-2019-13670 page https://www.suse.com/security/cve/CVE-2019-13671/ SUSE CVE CVE-2019-13671 page https://www.suse.com/security/cve/CVE-2019-13673/ SUSE CVE CVE-2019-13673 page https://www.suse.com/security/cve/CVE-2019-13674/ SUSE CVE CVE-2019-13674 page https://www.suse.com/security/cve/CVE-2019-13675/ SUSE CVE CVE-2019-13675 page https://www.suse.com/security/cve/CVE-2019-13676/ SUSE CVE CVE-2019-13676 page https://www.suse.com/security/cve/CVE-2019-13677/ SUSE CVE CVE-2019-13677 page https://www.suse.com/security/cve/CVE-2019-13678/ SUSE CVE CVE-2019-13678 page https://www.suse.com/security/cve/CVE-2019-13679/ SUSE CVE CVE-2019-13679 page https://www.suse.com/security/cve/CVE-2019-13680/ SUSE CVE CVE-2019-13680 page https://www.suse.com/security/cve/CVE-2019-13681/ SUSE CVE CVE-2019-13681 page https://www.suse.com/security/cve/CVE-2019-13682/ SUSE CVE CVE-2019-13682 page https://www.suse.com/security/cve/CVE-2019-13683/ SUSE CVE CVE-2019-13683 page https://www.suse.com/security/cve/CVE-2019-5870/ SUSE CVE CVE-2019-5870 page https://www.suse.com/security/cve/CVE-2019-5871/ SUSE CVE CVE-2019-5871 page https://www.suse.com/security/cve/CVE-2019-5872/ SUSE CVE CVE-2019-5872 page https://www.suse.com/security/cve/CVE-2019-5874/ SUSE CVE CVE-2019-5874 page https://www.suse.com/security/cve/CVE-2019-5875/ SUSE CVE CVE-2019-5875 page https://www.suse.com/security/cve/CVE-2019-5876/ SUSE CVE CVE-2019-5876 page https://www.suse.com/security/cve/CVE-2019-5877/ SUSE CVE CVE-2019-5877 page https://www.suse.com/security/cve/CVE-2019-5878/ SUSE CVE CVE-2019-5878 page https://www.suse.com/security/cve/CVE-2019-5879/ SUSE CVE CVE-2019-5879 page https://www.suse.com/security/cve/CVE-2019-5880/ SUSE CVE CVE-2019-5880 page https://www.suse.com/security/cve/CVE-2019-5881/ SUSE CVE CVE-2019-5881 page openSUSE Leap 15.1 chromedriver-77.0.3865.75-lp151.2.30.1 chromium-77.0.3865.75-lp151.2.30.1 chromedriver-77.0.3865.75-lp151.2.30.1 as a component of openSUSE Leap 15.1 chromium-77.0.3865.75-lp151.2.30.1 as a component of openSUSE Leap 15.1 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13659 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13659.html CVE-2019-13659 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. CVE-2019-13660 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13660.html CVE-2019-13660 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. CVE-2019-13661 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13661.html CVE-2019-13661 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-13662 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13662.html CVE-2019-13662 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13663 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13663.html CVE-2019-13663 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-13664 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13664.html CVE-2019-13664 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. CVE-2019-13665 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13665.html CVE-2019-13665 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13666 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13666.html CVE-2019-13666 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13667 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13667.html CVE-2019-13667 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13668 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13668.html CVE-2019-13668 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13669 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13669.html CVE-2019-13669 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13670 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13670.html CVE-2019-13670 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2019-13671 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13671.html CVE-2019-13671 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13673 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13673.html CVE-2019-13673 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13674 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13674.html CVE-2019-13674 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. CVE-2019-13675 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13675.html CVE-2019-13675 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13676 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13676.html CVE-2019-13676 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2019-13677 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13677.html CVE-2019-13677 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13678 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13678.html CVE-2019-13678 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. CVE-2019-13679 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13679.html CVE-2019-13679 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections. CVE-2019-13680 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13680.html CVE-2019-13680 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. CVE-2019-13681 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13681.html CVE-2019-13681 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2019-13682 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13682.html CVE-2019-13682 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13683 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-13683.html CVE-2019-13683 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2019-5870 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5870.html CVE-2019-5870 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5871 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5871.html CVE-2019-5871 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5872 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5872.html CVE-2019-5872 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5874 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5874.html CVE-2019-5874 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-5875 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5875.html CVE-2019-5875 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5876 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5876.html CVE-2019-5876 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5877 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5877.html CVE-2019-5877 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5878 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5878.html CVE-2019-5878 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. CVE-2019-5879 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5879.html CVE-2019-5879 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5880 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5880.html CVE-2019-5880 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-5881 openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1 openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE https://www.suse.com/security/cve/CVE-2019-5881.html CVE-2019-5881 https://bugzilla.suse.com/1150425 SUSE Bug 1150425