[Bug 1042833] New: VUL-0: Chromium 59.0.3071.86 stable security bump
http://bugzilla.suse.com/show_bug.cgi?id=1042833 Bug ID: 1042833 Summary: VUL-0: Chromium 59.0.3071.86 stable security bump Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: tchvatal@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- As per https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desk... there is new stable release: [$7500][722756] High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16 [$3000][715582] High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26 [$3000][709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07 [$2000][716474] High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28 [$1000][700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09 [$2000][678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05 [$1000][722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16 [$1000][719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06 [$1000][716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28 [$1000][711020] Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12 [$500][713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20 [$500][708819] Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05 [$N/A][672008] Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07 [$N/A][721579] Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11 [$N/A][714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24 [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1042833
http://bugzilla.suse.com/show_bug.cgi?id=1042833#c1
--- Comment #1 from Bernhard Wiedemann
http://bugzilla.suse.com/show_bug.cgi?id=1042833
http://bugzilla.suse.com/show_bug.cgi?id=1042833#c2
--- Comment #2 from Tomáš Chvátal
http://bugzilla.suse.com/show_bug.cgi?id=1042833
http://bugzilla.suse.com/show_bug.cgi?id=1042833#c3
--- Comment #3 from Bernhard Wiedemann
http://bugzilla.suse.com/show_bug.cgi?id=1042833
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1042833
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1042833
http://bugzilla.suse.com/show_bug.cgi?id=1042833#c5
--- Comment #5 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1042833
http://bugzilla.suse.com/show_bug.cgi?id=1042833#c6
--- Comment #6 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1042833
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1042833
Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com