openSUSE-SU-2019:2447-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:2447-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:2447-1
Related
Published
2019-11-06T17:25:26Z
Modified
2019-11-06T17:25:26Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

Chromium was updated to 78.0.3904.87: (boo#1155643,boo#1154806,boo#1153660, boo#1151229,boo#1149143,boo#1145242,boo#1143492)

Security issues fixed with this version update:

  • CVE-2019-13721: Use-after-free in PDFium
  • CVE-2019-13720: Use-after-free in audio
  • CVE-2019-13699: Use-after-free in media
  • CVE-2019-13700: Buffer overrun in Blink
  • CVE-2019-13701: URL spoof in navigation
  • CVE-2019-13702: Privilege elevation in Installer
  • CVE-2019-13703: URL bar spoofing
  • CVE-2019-13704: CSP bypass
  • CVE-2019-13705: Extension permission bypass
  • CVE-2019-13706: Out-of-bounds read in PDFium
  • CVE-2019-13707: File storage disclosure
  • CVE-2019-13708: HTTP authentication spoof
  • CVE-2019-13709: File download protection bypass
  • CVE-2019-13710: File download protection bypass
  • CVE-2019-13711: Cross-context information leak
  • CVE-2019-15903: Buffer overflow in expat
  • CVE-2019-13713: Cross-origin data leak
  • CVE-2019-13714: CSS injection
  • CVE-2019-13715: Address bar spoofing
  • CVE-2019-13716: Service worker state error
  • CVE-2019-13717: Notification obscured
  • CVE-2019-13718: IDN spoof
  • CVE-2019-13719: Notification obscured
  • CVE-2019-13693: Use-after-free in IndexedDB
  • CVE-2019-13694: Use-after-free in WebRTC
  • CVE-2019-13695: Use-after-free in audio
  • CVE-2019-13696: Use-after-free in V8
  • CVE-2019-13697: Cross-origin size leak.
  • CVE-2019-13685: Use-after-free in UI
  • CVE-2019-13688: Use-after-free in media
  • CVE-2019-13687: Use-after-free in media
  • CVE-2019-13686: Use-after-free in offline pages
  • CVE-2019-5870: Use-after-free in media
  • CVE-2019-5871: Heap overflow in Skia
  • CVE-2019-5872: Use-after-free in Mojo
  • CVE-2019-5874: External URIs may trigger other browsers
  • CVE-2019-5875: URL bar spoof via download redirect
  • CVE-2019-5876: Use-after-free in media
  • CVE-2019-5877: Out-of-bounds access in V8
  • CVE-2019-5878: Use-after-free in V8
  • CVE-2019-5879: Extension can bypass same origin policy
  • CVE-2019-5880: SameSite cookie bypass
  • CVE-2019-5881: Arbitrary read in SwiftShader
  • CVE-2019-13659: URL spoof
  • CVE-2019-13660: Full screen notification overlap
  • CVE-2019-13661: Full screen notification spoof
  • CVE-2019-13662: CSP bypass
  • CVE-2019-13663: IDN spoof
  • CVE-2019-13664: CSRF bypass
  • CVE-2019-13665: Multiple file download protection bypass
  • CVE-2019-13666: Side channel using storage size estimate
  • CVE-2019-13667: URI bar spoof when using external app URIs
  • CVE-2019-13668: Global window leak via console
  • CVE-2019-13669: HTTP authentication spoof
  • CVE-2019-13670: V8 memory corruption in regex
  • CVE-2019-13671: Dialog box fails to show origin
  • CVE-2019-13673: Cross-origin information leak using devtools
  • CVE-2019-13674: IDN spoofing
  • CVE-2019-13675: Extensions can be disabled by trailing slash
  • CVE-2019-13676: Google URI shown for certificate warning
  • CVE-2019-13677: Chrome web store origin needs to be isolated
  • CVE-2019-13678: Download dialog spoofing
  • CVE-2019-13679: User gesture needed for printing
  • CVE-2019-13680: IP address spoofing to servers
  • CVE-2019-13681: Bypass on download restrictions
  • CVE-2019-13682: Site isolation bypass
  • CVE-2019-13683: Exceptions leaked by devtools
  • CVE-2019-5869: Use-after-free in Blink
  • CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
  • CVE-2019-5867: Out-of-bounds read in V8
  • CVE-2019-5850: Use-after-free in offline page fetcher
  • CVE-2019-5860: Use-after-free in PDFium
  • CVE-2019-5853: Memory corruption in regexp length check
  • CVE-2019-5851: Use-after-poison in offline audio context
  • CVE-2019-5859: res: URIs can load alternative browsers
  • CVE-2019-5856: Insufficient checks on filesystem: URI permissions
  • CVE-2019-5855: Integer overflow in PDFium
  • CVE-2019-5865: Site isolation bypass from compromised renderer
  • CVE-2019-5858: Insufficient filtering of Open URL service parameters
  • CVE-2019-5864: Insufficient port filtering in CORS for extensions
  • CVE-2019-5862: AppCache not robust to compromised renderers
  • CVE-2019-5861: Click location incorrectly checked
  • CVE-2019-5857: Comparison of -0 and null yields crash
  • CVE-2019-5854: Integer overflow in PDFium text rendering
  • CVE-2019-5852: Object leak of utility functions
References

Affected packages

SUSE:Package Hub 12 SP3 / chromium

Package

Name
chromium
Purl
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
78.0.3904.87-10.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "78.0.3904.87-10.1",
            "chromium": "78.0.3904.87-10.1"
        }
    ]
}