This update for chromium fixes the following issues:
Chromium was updated to 78.0.3904.87:
(boo#1155643,boo#1154806,boo#1153660, boo#1151229,boo#1149143,boo#1145242,boo#1143492)
Security issues fixed with this version update:
- CVE-2019-13721: Use-after-free in PDFium
- CVE-2019-13720: Use-after-free in audio
- CVE-2019-13699: Use-after-free in media
- CVE-2019-13700: Buffer overrun in Blink
- CVE-2019-13701: URL spoof in navigation
- CVE-2019-13702: Privilege elevation in Installer
- CVE-2019-13703: URL bar spoofing
- CVE-2019-13704: CSP bypass
- CVE-2019-13705: Extension permission bypass
- CVE-2019-13706: Out-of-bounds read in PDFium
- CVE-2019-13707: File storage disclosure
- CVE-2019-13708: HTTP authentication spoof
- CVE-2019-13709: File download protection bypass
- CVE-2019-13710: File download protection bypass
- CVE-2019-13711: Cross-context information leak
- CVE-2019-15903: Buffer overflow in expat
- CVE-2019-13713: Cross-origin data leak
- CVE-2019-13714: CSS injection
- CVE-2019-13715: Address bar spoofing
- CVE-2019-13716: Service worker state error
- CVE-2019-13717: Notification obscured
- CVE-2019-13718: IDN spoof
- CVE-2019-13719: Notification obscured
- CVE-2019-13693: Use-after-free in IndexedDB
- CVE-2019-13694: Use-after-free in WebRTC
- CVE-2019-13695: Use-after-free in audio
- CVE-2019-13696: Use-after-free in V8
- CVE-2019-13697: Cross-origin size leak.
- CVE-2019-13685: Use-after-free in UI
- CVE-2019-13688: Use-after-free in media
- CVE-2019-13687: Use-after-free in media
- CVE-2019-13686: Use-after-free in offline pages
- CVE-2019-5870: Use-after-free in media
- CVE-2019-5871: Heap overflow in Skia
- CVE-2019-5872: Use-after-free in Mojo
- CVE-2019-5874: External URIs may trigger other browsers
- CVE-2019-5875: URL bar spoof via download redirect
- CVE-2019-5876: Use-after-free in media
- CVE-2019-5877: Out-of-bounds access in V8
- CVE-2019-5878: Use-after-free in V8
- CVE-2019-5879: Extension can bypass same origin policy
- CVE-2019-5880: SameSite cookie bypass
- CVE-2019-5881: Arbitrary read in SwiftShader
- CVE-2019-13659: URL spoof
- CVE-2019-13660: Full screen notification overlap
- CVE-2019-13661: Full screen notification spoof
- CVE-2019-13662: CSP bypass
- CVE-2019-13663: IDN spoof
- CVE-2019-13664: CSRF bypass
- CVE-2019-13665: Multiple file download protection bypass
- CVE-2019-13666: Side channel using storage size estimate
- CVE-2019-13667: URI bar spoof when using external app URIs
- CVE-2019-13668: Global window leak via console
- CVE-2019-13669: HTTP authentication spoof
- CVE-2019-13670: V8 memory corruption in regex
- CVE-2019-13671: Dialog box fails to show origin
- CVE-2019-13673: Cross-origin information leak using devtools
- CVE-2019-13674: IDN spoofing
- CVE-2019-13675: Extensions can be disabled by trailing slash
- CVE-2019-13676: Google URI shown for certificate warning
- CVE-2019-13677: Chrome web store origin needs to be isolated
- CVE-2019-13678: Download dialog spoofing
- CVE-2019-13679: User gesture needed for printing
- CVE-2019-13680: IP address spoofing to servers
- CVE-2019-13681: Bypass on download restrictions
- CVE-2019-13682: Site isolation bypass
- CVE-2019-13683: Exceptions leaked by devtools
- CVE-2019-5869: Use-after-free in Blink
- CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
- CVE-2019-5867: Out-of-bounds read in V8
- CVE-2019-5850: Use-after-free in offline page fetcher
- CVE-2019-5860: Use-after-free in PDFium
- CVE-2019-5853: Memory corruption in regexp length check
- CVE-2019-5851: Use-after-poison in offline audio context
- CVE-2019-5859: res: URIs can load alternative browsers
- CVE-2019-5856: Insufficient checks on filesystem: URI permissions
- CVE-2019-5855: Integer overflow in PDFium
- CVE-2019-5865: Site isolation bypass from compromised renderer
- CVE-2019-5858: Insufficient filtering of Open URL service parameters
- CVE-2019-5864: Insufficient port filtering in CORS for extensions
- CVE-2019-5862: AppCache not robust to compromised renderers
- CVE-2019-5861: Click location incorrectly checked
- CVE-2019-5857: Comparison of -0 and null yields crash
- CVE-2019-5854: Integer overflow in PDFium text rendering
- CVE-2019-5852: Object leak of utility functions