openSUSE-SU-2017:1993-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:1993-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2017:1993-1
Upstream
  • CVE-2017-5091
  • CVE-2017-5092
  • CVE-2017-5093
  • CVE-2017-5094
  • CVE-2017-5095
  • CVE-2017-5096
  • CVE-2017-5097
  • CVE-2017-5098
  • CVE-2017-5099
  • CVE-2017-5100
  • CVE-2017-5101
  • CVE-2017-5102
  • CVE-2017-5103
  • CVE-2017-5104
  • CVE-2017-5105
  • CVE-2017-5106
  • CVE-2017-5107
  • CVE-2017-5108
  • CVE-2017-5109
  • CVE-2017-5110
  • CVE-2017-7000
Related
  • CVE-2017-5091
  • CVE-2017-5092
  • CVE-2017-5093
  • CVE-2017-5094
  • CVE-2017-5095
  • CVE-2017-5096
  • CVE-2017-5097
  • CVE-2017-5098
  • CVE-2017-5099
  • CVE-2017-5100
  • CVE-2017-5101
  • CVE-2017-5102
  • CVE-2017-5103
  • CVE-2017-5104
  • CVE-2017-5105
  • CVE-2017-5106
  • CVE-2017-5107
  • CVE-2017-5108
  • CVE-2017-5109
  • CVE-2017-5110
  • CVE-2017-7000
Published
2017-07-28T12:59:09Z
Modified
2025-05-07T18:09:43.467695Z
Summary
Security update for chromium
Details

This update Chromium to version 60.0.3112.78 fixes security issue and bugs.

The following security issues were fixed:

  • CVE-2017-5091: Use after free in IndexedDB
  • CVE-2017-5092: Use after free in PPAPI
  • CVE-2017-5093: UI spoofing in Blink
  • CVE-2017-5094: Type confusion in extensions
  • CVE-2017-5095: Out-of-bounds write in PDFium
  • CVE-2017-5096: User information leak via Android intents
  • CVE-2017-5097: Out-of-bounds read in Skia
  • CVE-2017-5098: Use after free in V8
  • CVE-2017-5099: Out-of-bounds write in PPAPI
  • CVE-2017-5100: Use after free in Chrome Apps
  • CVE-2017-5101: URL spoofing in OmniBox
  • CVE-2017-5102: Uninitialized use in Skia
  • CVE-2017-5103: Uninitialized use in Skia
  • CVE-2017-5104: UI spoofing in browser
  • CVE-2017-7000: Pointer disclosure in SQLite
  • CVE-2017-5105: URL spoofing in OmniBox
  • CVE-2017-5106: URL spoofing in OmniBox
  • CVE-2017-5107: User information leak via SVG
  • CVE-2017-5108: Type confusion in PDFium
  • CVE-2017-5109: UI spoofing in browser
  • CVE-2017-5110: UI spoofing in payments dialog
  • Various fixes from internal audits, fuzzing and other initiatives

A number of upstream bugfixes are also included in this release.

References

Affected packages

SUSE:Package Hub 12 SP2 / chromium

Package

Name
chromium
Purl
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
60.0.3112.78-26.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "60.0.3112.78-26.1",
            "chromium": "60.0.3112.78-26.1"
        }
    ]
}