{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for Chromium","title":"Title of the patch"},{"category":"description","text":"Chromium was updated to 53.0.2785.89 to fix a number of security issues.\n\nThe following vulnerabilities were fixed: (boo#996648)\n\n- CVE-2016-5147: Universal XSS in Blink.\n- CVE-2016-5148: Universal XSS in Blink.\n- CVE-2016-5149: Script injection in extensions.\n- CVE-2016-5150: Use after free in Blink.\n- CVE-2016-5151: Use after free in PDFium.\n- CVE-2016-5152: Heap overflow in PDFium.\n- CVE-2016-5153: Use after destruction in Blink.\n- CVE-2016-5154: Heap overflow in PDFium.\n- CVE-2016-5155: Address bar spoofing.\n- CVE-2016-5156: Use after free in event bindings.\n- CVE-2016-5157: Heap overflow in PDFium.\n- CVE-2016-5158: Heap overflow in PDFium.\n- CVE-2016-5159: Heap overflow in PDFium.\n- CVE-2016-5161: Type confusion in Blink.\n- CVE-2016-5162: Extensions web accessible resources bypass.\n- CVE-2016-5163: Address bar spoofing.\n- CVE-2016-5164: Universal XSS using DevTools.\n- CVE-2016-5165: Script injection in DevTools.\n- CVE-2016-5166: SMB Relay Attack via Save Page As.\n- CVE-2016-5160: Extensions web accessible resources bypass.\n\nA number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932)","title":"Description of the patch"},{"category":"details","text":"5568","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2251-1.json"},{"category":"self","summary":"URL for SUSE-SU-2016:2251-1","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162251-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2016:2251-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2016-September/002259.html"},{"category":"self","summary":"SUSE Bug 995932","url":"https://bugzilla.suse.com/995932"},{"category":"self","summary":"SUSE Bug 996032","url":"https://bugzilla.suse.com/996032"},{"category":"self","summary":"SUSE Bug 99606","url":"https://bugzilla.suse.com/99606"},{"category":"self","summary":"SUSE Bug 996648","url":"https://bugzilla.suse.com/996648"},{"category":"self","summary":"SUSE CVE CVE-2016-5147 page","url":"https://www.suse.com/security/cve/CVE-2016-5147/"},{"category":"self","summary":"SUSE CVE CVE-2016-5148 page","url":"https://www.suse.com/security/cve/CVE-2016-5148/"},{"category":"self","summary":"SUSE CVE CVE-2016-5149 page","url":"https://www.suse.com/security/cve/CVE-2016-5149/"},{"category":"self","summary":"SUSE CVE CVE-2016-5150 page","url":"https://www.suse.com/security/cve/CVE-2016-5150/"},{"category":"self","summary":"SUSE CVE CVE-2016-5151 page","url":"https://www.suse.com/security/cve/CVE-2016-5151/"},{"category":"self","summary":"SUSE CVE CVE-2016-5152 page","url":"https://www.suse.com/security/cve/CVE-2016-5152/"},{"category":"self","summary":"SUSE CVE CVE-2016-5153 page","url":"https://www.suse.com/security/cve/CVE-2016-5153/"},{"category":"self","summary":"SUSE CVE CVE-2016-5154 page","url":"https://www.suse.com/security/cve/CVE-2016-5154/"},{"category":"self","summary":"SUSE CVE CVE-2016-5155 page","url":"https://www.suse.com/security/cve/CVE-2016-5155/"},{"category":"self","summary":"SUSE CVE CVE-2016-5156 page","url":"https://www.suse.com/security/cve/CVE-2016-5156/"},{"category":"self","summary":"SUSE CVE CVE-2016-5157 page","url":"https://www.suse.com/security/cve/CVE-2016-5157/"},{"category":"self","summary":"SUSE CVE CVE-2016-5158 page","url":"https://www.suse.com/security/cve/CVE-2016-5158/"},{"category":"self","summary":"SUSE CVE CVE-2016-5159 page","url":"https://www.suse.com/security/cve/CVE-2016-5159/"},{"category":"self","summary":"SUSE CVE CVE-2016-5160 page","url":"https://www.suse.com/security/cve/CVE-2016-5160/"},{"category":"self","summary":"SUSE CVE CVE-2016-5161 page","url":"https://www.suse.com/security/cve/CVE-2016-5161/"},{"category":"self","summary":"SUSE CVE CVE-2016-5162 page","url":"https://www.suse.com/security/cve/CVE-2016-5162/"},{"category":"self","summary":"SUSE CVE CVE-2016-5163 page","url":"https://www.suse.com/security/cve/CVE-2016-5163/"},{"category":"self","summary":"SUSE CVE CVE-2016-5164 page","url":"https://www.suse.com/security/cve/CVE-2016-5164/"},{"category":"self","summary":"SUSE CVE CVE-2016-5165 page","url":"https://www.suse.com/security/cve/CVE-2016-5165/"},{"category":"self","summary":"SUSE CVE CVE-2016-5166 page","url":"https://www.suse.com/security/cve/CVE-2016-5166/"}],"title":"Security update for Chromium","tracking":{"current_release_date":"2016-09-01T12:42:13Z","generator":{"date":"2016-09-01T12:42:13Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2016:2251-1","initial_release_date":"2016-09-01T12:42:13Z","revision_history":[{"date":"2016-09-01T12:42:13Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"chromedriver-53.0.2785.89-96.1.x86_64","product":{"name":"chromedriver-53.0.2785.89-96.1.x86_64","product_id":"chromedriver-53.0.2785.89-96.1.x86_64"}},{"category":"product_version","name":"chromium-53.0.2785.89-96.1.x86_64","product":{"name":"chromium-53.0.2785.89-96.1.x86_64","product_id":"chromium-53.0.2785.89-96.1.x86_64"}},{"category":"product_version","name":"chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","product":{"name":"chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","product_id":"chromium-desktop-gnome-53.0.2785.89-96.1.x86_64"}},{"category":"product_version","name":"chromium-desktop-kde-53.0.2785.89-96.1.x86_64","product":{"name":"chromium-desktop-kde-53.0.2785.89-96.1.x86_64","product_id":"chromium-desktop-kde-53.0.2785.89-96.1.x86_64"}},{"category":"product_version","name":"chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64","product":{"name":"chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64","product_id":"chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Package Hub 12","product":{"name":"SUSE Package Hub 12","product_id":"SUSE Package Hub 12","product_identification_helper":{"cpe":"cpe:/o:suse:packagehub:12"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"chromedriver-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64"},"product_reference":"chromedriver-53.0.2785.89-96.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"chromium-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64"},"product_reference":"chromium-53.0.2785.89-96.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64"},"product_reference":"chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"chromium-desktop-kde-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64"},"product_reference":"chromium-desktop-kde-53.0.2785.89-96.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12"},{"category":"default_component_of","full_product_name":{"name":"chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12","product_id":"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"},"product_reference":"chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64","relates_to_product_reference":"SUSE Package Hub 12"}]},"vulnerabilities":[{"cve":"CVE-2016-5147","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5147"}],"notes":[{"category":"general","text":"Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5147","url":"https://www.suse.com/security/cve/CVE-2016-5147"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5147","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5147"},{"cve":"CVE-2016-5148","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5148"}],"notes":[{"category":"general","text":"Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\"","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5148","url":"https://www.suse.com/security/cve/CVE-2016-5148"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5148","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5148"},{"cve":"CVE-2016-5149","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5149"}],"notes":[{"category":"general","text":"The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5149","url":"https://www.suse.com/security/cve/CVE-2016-5149"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5149","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5149"},{"cve":"CVE-2016-5150","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5150"}],"notes":[{"category":"general","text":"WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5150","url":"https://www.suse.com/security/cve/CVE-2016-5150"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5150","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5150"},{"cve":"CVE-2016-5151","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5151"}],"notes":[{"category":"general","text":"PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5151","url":"https://www.suse.com/security/cve/CVE-2016-5151"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5151","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5151"},{"cve":"CVE-2016-5152","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5152"}],"notes":[{"category":"general","text":"Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5152","url":"https://www.suse.com/security/cve/CVE-2016-5152"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5152","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5152"},{"cve":"CVE-2016-5153","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5153"}],"notes":[{"category":"general","text":"The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5153","url":"https://www.suse.com/security/cve/CVE-2016-5153"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5153","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5153"},{"cve":"CVE-2016-5154","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5154"}],"notes":[{"category":"general","text":"Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5154","url":"https://www.suse.com/security/cve/CVE-2016-5154"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5154","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5154"},{"cve":"CVE-2016-5155","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5155"}],"notes":[{"category":"general","text":"Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5155","url":"https://www.suse.com/security/cve/CVE-2016-5155"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5155","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5155"},{"cve":"CVE-2016-5156","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5156"}],"notes":[{"category":"general","text":"extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5156","url":"https://www.suse.com/security/cve/CVE-2016-5156"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5156","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5156"},{"cve":"CVE-2016-5157","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5157"}],"notes":[{"category":"general","text":"Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5157","url":"https://www.suse.com/security/cve/CVE-2016-5157"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5157","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5157"},{"cve":"CVE-2016-5158","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5158"}],"notes":[{"category":"general","text":"Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5158","url":"https://www.suse.com/security/cve/CVE-2016-5158"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5158","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5158"},{"cve":"CVE-2016-5159","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5159"}],"notes":[{"category":"general","text":"Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5159","url":"https://www.suse.com/security/cve/CVE-2016-5159"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5159","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5159"},{"cve":"CVE-2016-5160","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5160"}],"notes":[{"category":"general","text":"The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5160","url":"https://www.suse.com/security/cve/CVE-2016-5160"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5160","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5160"},{"cve":"CVE-2016-5161","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5161"}],"notes":[{"category":"general","text":"The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages \"type confusion\" in the StylePropertySerializer class.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5161","url":"https://www.suse.com/security/cve/CVE-2016-5161"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5161","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5161"},{"cve":"CVE-2016-5162","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5162"}],"notes":[{"category":"general","text":"The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5162","url":"https://www.suse.com/security/cve/CVE-2016-5162"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5162","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5162"},{"cve":"CVE-2016-5163","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5163"}],"notes":[{"category":"general","text":"The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5163","url":"https://www.suse.com/security/cve/CVE-2016-5163"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5163","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5163"},{"cve":"CVE-2016-5164","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5164"}],"notes":[{"category":"general","text":"Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka \"Universal XSS (UXSS).\"","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5164","url":"https://www.suse.com/security/cve/CVE-2016-5164"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5164","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5164"},{"cve":"CVE-2016-5165","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5165"}],"notes":[{"category":"general","text":"Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5165","url":"https://www.suse.com/security/cve/CVE-2016-5165"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5165","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5165"},{"cve":"CVE-2016-5166","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5166"}],"notes":[{"category":"general","text":"The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the \"Save page as\" menu choice.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5166","url":"https://www.suse.com/security/cve/CVE-2016-5166"},{"category":"external","summary":"SUSE Bug 996648 for CVE-2016-5166","url":"https://bugzilla.suse.com/996648"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":3.1,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.0"},"products":["SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64","SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-09-01T12:42:13Z","details":"important"}],"title":"CVE-2016-5166"}]}