openSUSE-SU-2017:3245-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:3245-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2017:3245-1

Related

CVE-2017-15386
CVE-2017-15387
CVE-2017-15388
CVE-2017-15389
CVE-2017-15390
CVE-2017-15391
CVE-2017-15392
CVE-2017-15393
CVE-2017-15394
CVE-2017-15395
CVE-2017-15396
CVE-2017-15398
CVE-2017-15399
CVE-2017-15408
CVE-2017-15409
CVE-2017-15410
CVE-2017-15411
CVE-2017-15412
CVE-2017-15413
CVE-2017-15415
CVE-2017-15416
CVE-2017-15417
CVE-2017-15418
CVE-2017-15419
CVE-2017-15420
CVE-2017-15422
CVE-2017-15423
CVE-2017-15424
CVE-2017-15425
CVE-2017-15426
CVE-2017-15427
CVE-2017-5124
CVE-2017-5125
CVE-2017-5126
CVE-2017-5127
CVE-2017-5128
CVE-2017-5129
CVE-2017-5130
CVE-2017-5131
CVE-2017-5132
CVE-2017-5133

Published

2017-12-08T07:34:05Z

Modified

2017-12-08T07:34:05Z

Summary

Security update for chromium

Details

This update to Chromium 63.0.3239.84 fixes the following security issues:

CVE-2017-5124: UXSS with MHTML
CVE-2017-5125: Heap overflow in Skia
CVE-2017-5126: Use after free in PDFium
CVE-2017-5127: Use after free in PDFium
CVE-2017-5128: Heap overflow in WebGL
CVE-2017-5129: Use after free in WebAudio
CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
CVE-2017-5130: Heap overflow in libxml2
CVE-2017-5131: Out of bounds write in Skia
CVE-2017-5133: Out of bounds write in Skia
CVE-2017-15386: UI spoofing in Blink
CVE-2017-15387: Content security bypass
CVE-2017-15388: Out of bounds read in Skia
CVE-2017-15389: URL spoofing in OmniBox
CVE-2017-15390: URL spoofing in OmniBox
CVE-2017-15391: Extension limitation bypass in Extensions.
CVE-2017-15392: Incorrect registry key handling in PlatformIntegration
CVE-2017-15393: Referrer leak in Devtools
CVE-2017-15394: URL spoofing in extensions UI
CVE-2017-15395: Null pointer dereference in ImageCapture
CVE-2017-15396: Stack overflow in V8
CVE-2017-15398: Stack buffer overflow in QUIC
CVE-2017-15399: Use after free in V8
CVE-2017-15408: Heap buffer overflow in PDFium
CVE-2017-15409: Out of bounds write in Skia
CVE-2017-15410: Use after free in PDFium
CVE-2017-15411: Use after free in PDFium
CVE-2017-15412: Use after free in libXML
CVE-2017-15413: Type confusion in WebAssembly
CVE-2017-15415: Pointer information disclosure in IPC call
CVE-2017-15416: Out of bounds read in Blink
CVE-2017-15417: Cross origin information disclosure in Skia
CVE-2017-15418: Use of uninitialized value in Skia
CVE-2017-15419: Cross origin leak of redirect URL in Blink
CVE-2017-15420: URL spoofing in Omnibox
CVE-2017-15422: Integer overflow in ICU
CVE-2017-15423: Issue with SPAKE implementation in BoringSSL
CVE-2017-15424: URL Spoof in Omnibox
CVE-2017-15425: URL Spoof in Omnibox
CVE-2017-15426: URL Spoof in Omnibox
CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox

The following tracked bug fixes are included:

sandbox crash fixes (bsc#1064298)

References

Affected packages

SUSE:Package Hub 12 SP2 / chromium

Package

Name: chromium
Purl: purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

63.0.3239.84-40.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "63.0.3239.84-40.1",
            "chromium": "63.0.3239.84-40.1"
        }
    ]
}