openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2447-1 Rating: important References: #1143492 #1144625 #1145242 #1146219 #1149143 #1150425 #1151229 #1153660 #1154806 #1155643 Cross-References: CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721 CVE-2019-15903 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5863 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867 CVE-2019-5868 CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-5881 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 86 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium was updated to 78.0.3904.87: (boo#1155643,boo#1154806,boo#1153660, boo#1151229,boo#1149143,boo#1145242,boo#1143492) Security issues fixed with this version update: * CVE-2019-13721: Use-after-free in PDFium * CVE-2019-13720: Use-after-free in audio * CVE-2019-13699: Use-after-free in media * CVE-2019-13700: Buffer overrun in Blink * CVE-2019-13701: URL spoof in navigation * CVE-2019-13702: Privilege elevation in Installer * CVE-2019-13703: URL bar spoofing * CVE-2019-13704: CSP bypass * CVE-2019-13705: Extension permission bypass * CVE-2019-13706: Out-of-bounds read in PDFium * CVE-2019-13707: File storage disclosure * CVE-2019-13708: HTTP authentication spoof * CVE-2019-13709: File download protection bypass * CVE-2019-13710: File download protection bypass * CVE-2019-13711: Cross-context information leak * CVE-2019-15903: Buffer overflow in expat * CVE-2019-13713: Cross-origin data leak * CVE-2019-13714: CSS injection * CVE-2019-13715: Address bar spoofing * CVE-2019-13716: Service worker state error * CVE-2019-13717: Notification obscured * CVE-2019-13718: IDN spoof * CVE-2019-13719: Notification obscured * CVE-2019-13693: Use-after-free in IndexedDB * CVE-2019-13694: Use-after-free in WebRTC * CVE-2019-13695: Use-after-free in audio * CVE-2019-13696: Use-after-free in V8 * CVE-2019-13697: Cross-origin size leak. * CVE-2019-13685: Use-after-free in UI * CVE-2019-13688: Use-after-free in media * CVE-2019-13687: Use-after-free in media * CVE-2019-13686: Use-after-free in offline pages * CVE-2019-5870: Use-after-free in media * CVE-2019-5871: Heap overflow in Skia * CVE-2019-5872: Use-after-free in Mojo * CVE-2019-5874: External URIs may trigger other browsers * CVE-2019-5875: URL bar spoof via download redirect * CVE-2019-5876: Use-after-free in media * CVE-2019-5877: Out-of-bounds access in V8 * CVE-2019-5878: Use-after-free in V8 * CVE-2019-5879: Extension can bypass same origin policy * CVE-2019-5880: SameSite cookie bypass * CVE-2019-5881: Arbitrary read in SwiftShader * CVE-2019-13659: URL spoof * CVE-2019-13660: Full screen notification overlap * CVE-2019-13661: Full screen notification spoof * CVE-2019-13662: CSP bypass * CVE-2019-13663: IDN spoof * CVE-2019-13664: CSRF bypass * CVE-2019-13665: Multiple file download protection bypass * CVE-2019-13666: Side channel using storage size estimate * CVE-2019-13667: URI bar spoof when using external app URIs * CVE-2019-13668: Global window leak via console * CVE-2019-13669: HTTP authentication spoof * CVE-2019-13670: V8 memory corruption in regex * CVE-2019-13671: Dialog box fails to show origin * CVE-2019-13673: Cross-origin information leak using devtools * CVE-2019-13674: IDN spoofing * CVE-2019-13675: Extensions can be disabled by trailing slash * CVE-2019-13676: Google URI shown for certificate warning * CVE-2019-13677: Chrome web store origin needs to be isolated * CVE-2019-13678: Download dialog spoofing * CVE-2019-13679: User gesture needed for printing * CVE-2019-13680: IP address spoofing to servers * CVE-2019-13681: Bypass on download restrictions * CVE-2019-13682: Site isolation bypass * CVE-2019-13683: Exceptions leaked by devtools * CVE-2019-5869: Use-after-free in Blink * CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction * CVE-2019-5867: Out-of-bounds read in V8 * CVE-2019-5850: Use-after-free in offline page fetcher * CVE-2019-5860: Use-after-free in PDFium * CVE-2019-5853: Memory corruption in regexp length check * CVE-2019-5851: Use-after-poison in offline audio context * CVE-2019-5859: res: URIs can load alternative browsers * CVE-2019-5856: Insufficient checks on filesystem: URI permissions * CVE-2019-5855: Integer overflow in PDFium * CVE-2019-5865: Site isolation bypass from compromised renderer * CVE-2019-5858: Insufficient filtering of Open URL service parameters * CVE-2019-5864: Insufficient port filtering in CORS for extensions * CVE-2019-5862: AppCache not robust to compromised renderers * CVE-2019-5861: Click location incorrectly checked * CVE-2019-5857: Comparison of -0 and null yields crash * CVE-2019-5854: Integer overflow in PDFium text rendering * CVE-2019-5852: Object leak of utility functions Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2019-2447=1 Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 x86_64): chromedriver-78.0.3904.87-10.1 chromium-78.0.3904.87-10.1 References: https://www.suse.com/security/cve/CVE-2019-13659.html https://www.suse.com/security/cve/CVE-2019-13660.html https://www.suse.com/security/cve/CVE-2019-13661.html https://www.suse.com/security/cve/CVE-2019-13662.html https://www.suse.com/security/cve/CVE-2019-13663.html https://www.suse.com/security/cve/CVE-2019-13664.html https://www.suse.com/security/cve/CVE-2019-13665.html https://www.suse.com/security/cve/CVE-2019-13666.html https://www.suse.com/security/cve/CVE-2019-13667.html https://www.suse.com/security/cve/CVE-2019-13668.html https://www.suse.com/security/cve/CVE-2019-13669.html https://www.suse.com/security/cve/CVE-2019-13670.html https://www.suse.com/security/cve/CVE-2019-13671.html https://www.suse.com/security/cve/CVE-2019-13673.html https://www.suse.com/security/cve/CVE-2019-13674.html https://www.suse.com/security/cve/CVE-2019-13675.html https://www.suse.com/security/cve/CVE-2019-13676.html https://www.suse.com/security/cve/CVE-2019-13677.html https://www.suse.com/security/cve/CVE-2019-13678.html https://www.suse.com/security/cve/CVE-2019-13679.html https://www.suse.com/security/cve/CVE-2019-13680.html https://www.suse.com/security/cve/CVE-2019-13681.html https://www.suse.com/security/cve/CVE-2019-13682.html https://www.suse.com/security/cve/CVE-2019-13683.html https://www.suse.com/security/cve/CVE-2019-13685.html https://www.suse.com/security/cve/CVE-2019-13686.html https://www.suse.com/security/cve/CVE-2019-13687.html https://www.suse.com/security/cve/CVE-2019-13688.html https://www.suse.com/security/cve/CVE-2019-13693.html https://www.suse.com/security/cve/CVE-2019-13694.html https://www.suse.com/security/cve/CVE-2019-13695.html https://www.suse.com/security/cve/CVE-2019-13696.html https://www.suse.com/security/cve/CVE-2019-13697.html https://www.suse.com/security/cve/CVE-2019-13699.html https://www.suse.com/security/cve/CVE-2019-13700.html https://www.suse.com/security/cve/CVE-2019-13701.html https://www.suse.com/security/cve/CVE-2019-13702.html https://www.suse.com/security/cve/CVE-2019-13703.html https://www.suse.com/security/cve/CVE-2019-13704.html https://www.suse.com/security/cve/CVE-2019-13705.html https://www.suse.com/security/cve/CVE-2019-13706.html https://www.suse.com/security/cve/CVE-2019-13707.html https://www.suse.com/security/cve/CVE-2019-13708.html https://www.suse.com/security/cve/CVE-2019-13709.html https://www.suse.com/security/cve/CVE-2019-13710.html https://www.suse.com/security/cve/CVE-2019-13711.html https://www.suse.com/security/cve/CVE-2019-13713.html https://www.suse.com/security/cve/CVE-2019-13714.html https://www.suse.com/security/cve/CVE-2019-13715.html https://www.suse.com/security/cve/CVE-2019-13716.html https://www.suse.com/security/cve/CVE-2019-13717.html https://www.suse.com/security/cve/CVE-2019-13718.html https://www.suse.com/security/cve/CVE-2019-13719.html https://www.suse.com/security/cve/CVE-2019-13720.html https://www.suse.com/security/cve/CVE-2019-13721.html https://www.suse.com/security/cve/CVE-2019-15903.html https://www.suse.com/security/cve/CVE-2019-5850.html https://www.suse.com/security/cve/CVE-2019-5851.html https://www.suse.com/security/cve/CVE-2019-5852.html https://www.suse.com/security/cve/CVE-2019-5853.html https://www.suse.com/security/cve/CVE-2019-5854.html https://www.suse.com/security/cve/CVE-2019-5855.html https://www.suse.com/security/cve/CVE-2019-5856.html https://www.suse.com/security/cve/CVE-2019-5857.html https://www.suse.com/security/cve/CVE-2019-5858.html https://www.suse.com/security/cve/CVE-2019-5859.html https://www.suse.com/security/cve/CVE-2019-5860.html https://www.suse.com/security/cve/CVE-2019-5861.html https://www.suse.com/security/cve/CVE-2019-5862.html https://www.suse.com/security/cve/CVE-2019-5863.html https://www.suse.com/security/cve/CVE-2019-5864.html https://www.suse.com/security/cve/CVE-2019-5865.html https://www.suse.com/security/cve/CVE-2019-5867.html https://www.suse.com/security/cve/CVE-2019-5868.html https://www.suse.com/security/cve/CVE-2019-5869.html https://www.suse.com/security/cve/CVE-2019-5870.html https://www.suse.com/security/cve/CVE-2019-5871.html https://www.suse.com/security/cve/CVE-2019-5872.html https://www.suse.com/security/cve/CVE-2019-5874.html https://www.suse.com/security/cve/CVE-2019-5875.html https://www.suse.com/security/cve/CVE-2019-5876.html https://www.suse.com/security/cve/CVE-2019-5877.html https://www.suse.com/security/cve/CVE-2019-5878.html https://www.suse.com/security/cve/CVE-2019-5879.html https://www.suse.com/security/cve/CVE-2019-5880.html https://www.suse.com/security/cve/CVE-2019-5881.html https://bugzilla.suse.com/1143492 https://bugzilla.suse.com/1144625 https://bugzilla.suse.com/1145242 https://bugzilla.suse.com/1146219 https://bugzilla.suse.com/1149143 https://bugzilla.suse.com/1150425 https://bugzilla.suse.com/1151229 https://bugzilla.suse.com/1153660 https://bugzilla.suse.com/1154806 https://bugzilla.suse.com/1155643 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org