Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2902-1 Final 1 1 2017-10-28T18:52:12Z current 2017-10-28T18:52:12Z 2017-10-28T18:52:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update to Chromium 62.0.3202.75 fixes the following security issues: - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after free in WebAudio - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2 - CVE-2017-5131: Out of bounds write in Skia - CVE-2017-5133: Out of bounds write in Skia - CVE-2017-15386: UI spoofing in Blink - CVE-2017-15387: Content security bypass - CVE-2017-15388: Out of bounds read in Skia - CVE-2017-15389: URL spoofing in OmniBox - CVE-2017-15390: URL spoofing in OmniBox - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration - CVE-2017-15393: Referrer leak in Devtools - CVE-2017-15394: URL spoofing in extensions UI - CVE-2017-15395: Null pointer dereference in ImageCapture - CVE-2017-15396: Stack overflow in V8 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html E-Mail link for openSUSE-SU-2017:2902-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 chromedriver-62.0.3202.75-118.1 chromium-62.0.3202.75-118.1 chromedriver-62.0.3202.75-118.1 as a component of openSUSE Leap 42.2 chromium-62.0.3202.75-118.1 as a component of openSUSE Leap 42.2 chromedriver-62.0.3202.75-118.1 as a component of openSUSE Leap 42.3 chromium-62.0.3202.75-118.1 as a component of openSUSE Leap 42.3 Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2017-15386 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15386.html CVE-2017-15386 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. CVE-2017-15387 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15387.html CVE-2017-15387 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-15388 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15388.html CVE-2017-15388 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2017-15389 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15389.html CVE-2017-15389 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-15390 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15390.html CVE-2017-15390 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. CVE-2017-15391 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15391.html CVE-2017-15391 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. CVE-2017-15392 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15392.html CVE-2017-15392 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. CVE-2017-15393 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15393.html CVE-2017-15393 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. CVE-2017-15394 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15394.html CVE-2017-15394 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. CVE-2017-15395 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15395.html CVE-2017-15395 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-15396 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-15396.html CVE-2017-15396 https://bugzilla.suse.com/1065405 SUSE Bug 1065405 Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. CVE-2017-5124 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5124.html CVE-2017-5124 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5125 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5125.html CVE-2017-5125 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2017-5126 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5126.html CVE-2017-5126 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2017-5127 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5127.html CVE-2017-5127 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. CVE-2017-5128 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5128.html CVE-2017-5128 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5129 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5129.html CVE-2017-5129 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. CVE-2017-5130 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5130.html CVE-2017-5130 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 https://bugzilla.suse.com/1078806 SUSE Bug 1078806 https://bugzilla.suse.com/1123129 SUSE Bug 1123129 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. CVE-2017-5131 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5131.html CVE-2017-5131 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation. CVE-2017-5132 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5132.html CVE-2017-5132 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file. CVE-2017-5133 openSUSE Leap 42.2:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.2:chromium-62.0.3202.75-118.1 openSUSE Leap 42.3:chromedriver-62.0.3202.75-118.1 openSUSE Leap 42.3:chromium-62.0.3202.75-118.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00084.html https://www.suse.com/security/cve/CVE-2017-5133.html CVE-2017-5133 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089