{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for chromium","title":"Title of the patch"},{"category":"description","text":"This update for chromium to version 75.0.3770.80 fixes the following issues:\n \nSecurity issues fixed:\n\n- CVE-2019-5828: Fixed a Use after free in ServiceWorker\n- CVE-2019-5829: Fixed Use after free in Download Manager\n- CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS\n- CVE-2019-5831: Fixed an incorrect map processing in V8\n- CVE-2019-5832: Fixed an incorrect CORS handling in XHR\n- CVE-2019-5833: Fixed an inconsistent security UI placemen\n- CVE-2019-5835: Fixed an out of bounds read in Swiftshader\n- CVE-2019-5836: Fixed a heap buffer overflow in Angle\n- CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache\n- CVE-2019-5838: Fixed an overly permissive tab access in Extensions\n- CVE-2019-5839: Fixed an incorrect handling of certain code points in Blink\n- CVE-2019-5840: Fixed a popup blocker bypass\n\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2019-1558","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1558-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2019:1558-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJ4RNUOHDVA2G6MRW5VTZPKMPGHFS47I/#FJ4RNUOHDVA2G6MRW5VTZPKMPGHFS47I"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2019:1558-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJ4RNUOHDVA2G6MRW5VTZPKMPGHFS47I/#FJ4RNUOHDVA2G6MRW5VTZPKMPGHFS47I"},{"category":"self","summary":"SUSE Bug 1137332","url":"https://bugzilla.suse.com/1137332"},{"category":"self","summary":"SUSE CVE CVE-2019-5828 page","url":"https://www.suse.com/security/cve/CVE-2019-5828/"},{"category":"self","summary":"SUSE CVE CVE-2019-5829 page","url":"https://www.suse.com/security/cve/CVE-2019-5829/"},{"category":"self","summary":"SUSE CVE CVE-2019-5830 page","url":"https://www.suse.com/security/cve/CVE-2019-5830/"},{"category":"self","summary":"SUSE CVE CVE-2019-5831 page","url":"https://www.suse.com/security/cve/CVE-2019-5831/"},{"category":"self","summary":"SUSE CVE CVE-2019-5832 page","url":"https://www.suse.com/security/cve/CVE-2019-5832/"},{"category":"self","summary":"SUSE CVE CVE-2019-5833 page","url":"https://www.suse.com/security/cve/CVE-2019-5833/"},{"category":"self","summary":"SUSE CVE CVE-2019-5834 page","url":"https://www.suse.com/security/cve/CVE-2019-5834/"},{"category":"self","summary":"SUSE CVE CVE-2019-5835 page","url":"https://www.suse.com/security/cve/CVE-2019-5835/"},{"category":"self","summary":"SUSE CVE CVE-2019-5836 page","url":"https://www.suse.com/security/cve/CVE-2019-5836/"},{"category":"self","summary":"SUSE CVE CVE-2019-5837 page","url":"https://www.suse.com/security/cve/CVE-2019-5837/"},{"category":"self","summary":"SUSE CVE CVE-2019-5838 page","url":"https://www.suse.com/security/cve/CVE-2019-5838/"},{"category":"self","summary":"SUSE CVE CVE-2019-5839 page","url":"https://www.suse.com/security/cve/CVE-2019-5839/"},{"category":"self","summary":"SUSE CVE CVE-2019-5840 page","url":"https://www.suse.com/security/cve/CVE-2019-5840/"}],"title":"Security update for chromium","tracking":{"current_release_date":"2019-06-15T16:35:31Z","generator":{"date":"2019-06-15T16:35:31Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2019:1558-1","initial_release_date":"2019-06-15T16:35:31Z","revision_history":[{"date":"2019-06-15T16:35:31Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"chromedriver-75.0.3770.80-lp150.215.1.x86_64","product":{"name":"chromedriver-75.0.3770.80-lp150.215.1.x86_64","product_id":"chromedriver-75.0.3770.80-lp150.215.1.x86_64"}},{"category":"product_version","name":"chromium-75.0.3770.80-lp150.215.1.x86_64","product":{"name":"chromium-75.0.3770.80-lp150.215.1.x86_64","product_id":"chromium-75.0.3770.80-lp150.215.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.0","product":{"name":"openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.0"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"chromedriver-75.0.3770.80-lp150.215.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64"},"product_reference":"chromedriver-75.0.3770.80-lp150.215.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"},{"category":"default_component_of","full_product_name":{"name":"chromium-75.0.3770.80-lp150.215.1.x86_64 as component of openSUSE Leap 15.0","product_id":"openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"},"product_reference":"chromium-75.0.3770.80-lp150.215.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.0"}]},"vulnerabilities":[{"cve":"CVE-2019-5828","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5828"}],"notes":[{"category":"general","text":"Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5828","url":"https://www.suse.com/security/cve/CVE-2019-5828"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5828","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"important"}],"title":"CVE-2019-5828"},{"cve":"CVE-2019-5829","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5829"}],"notes":[{"category":"general","text":"Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5829","url":"https://www.suse.com/security/cve/CVE-2019-5829"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5829","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"important"}],"title":"CVE-2019-5829"},{"cve":"CVE-2019-5830","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5830"}],"notes":[{"category":"general","text":"Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5830","url":"https://www.suse.com/security/cve/CVE-2019-5830"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5830","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"moderate"}],"title":"CVE-2019-5830"},{"cve":"CVE-2019-5831","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5831"}],"notes":[{"category":"general","text":"Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5831","url":"https://www.suse.com/security/cve/CVE-2019-5831"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5831","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"important"}],"title":"CVE-2019-5831"},{"cve":"CVE-2019-5832","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5832"}],"notes":[{"category":"general","text":"Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5832","url":"https://www.suse.com/security/cve/CVE-2019-5832"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5832","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"moderate"}],"title":"CVE-2019-5832"},{"cve":"CVE-2019-5833","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5833"}],"notes":[{"category":"general","text":"Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5833","url":"https://www.suse.com/security/cve/CVE-2019-5833"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5833","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"moderate"}],"title":"CVE-2019-5833"},{"cve":"CVE-2019-5834","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5834"}],"notes":[{"category":"general","text":"Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5834","url":"https://www.suse.com/security/cve/CVE-2019-5834"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5834","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"moderate"}],"title":"CVE-2019-5834"},{"cve":"CVE-2019-5835","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5835"}],"notes":[{"category":"general","text":"Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5835","url":"https://www.suse.com/security/cve/CVE-2019-5835"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5835","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"moderate"}],"title":"CVE-2019-5835"},{"cve":"CVE-2019-5836","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5836"}],"notes":[{"category":"general","text":"Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5836","url":"https://www.suse.com/security/cve/CVE-2019-5836"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5836","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"important"}],"title":"CVE-2019-5836"},{"cve":"CVE-2019-5837","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5837"}],"notes":[{"category":"general","text":"Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5837","url":"https://www.suse.com/security/cve/CVE-2019-5837"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5837","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"moderate"}],"title":"CVE-2019-5837"},{"cve":"CVE-2019-5838","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5838"}],"notes":[{"category":"general","text":"Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5838","url":"https://www.suse.com/security/cve/CVE-2019-5838"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5838","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"moderate"}],"title":"CVE-2019-5838"},{"cve":"CVE-2019-5839","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5839"}],"notes":[{"category":"general","text":"Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5839","url":"https://www.suse.com/security/cve/CVE-2019-5839"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5839","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"moderate"}],"title":"CVE-2019-5839"},{"cve":"CVE-2019-5840","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-5840"}],"notes":[{"category":"general","text":"Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2019-5840","url":"https://www.suse.com/security/cve/CVE-2019-5840"},{"category":"external","summary":"SUSE Bug 1137332 for CVE-2019-5840","url":"https://bugzilla.suse.com/1137332"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.0:chromedriver-75.0.3770.80-lp150.215.1.x86_64","openSUSE Leap 15.0:chromium-75.0.3770.80-lp150.215.1.x86_64"]}],"threats":[{"category":"impact","date":"2019-06-15T16:35:31Z","details":"moderate"}],"title":"CVE-2019-5840"}]}