Описание
Security update for Chromium
Chromium was updated to 47.0.2526.80 to fix security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2015-6788: Type confusion in extensions
- CVE-2015-6789: Use-after-free in Blink
- CVE-2015-6790: Escaping issue in saved pages
- CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives
The following vulnerabilities were fixed in 47.0.2526.73:
- CVE-2015-6765: Use-after-free in AppCache
- CVE-2015-6766: Use-after-free in AppCache
- CVE-2015-6767: Use-after-free in AppCache
- CVE-2015-6768: Cross-origin bypass in DOM
- CVE-2015-6769: Cross-origin bypass in core
- CVE-2015-6770: Cross-origin bypass in DOM
- CVE-2015-6771: Out of bounds access in v8
- CVE-2015-6772: Cross-origin bypass in DOM
- CVE-2015-6764: Out of bounds access in v8
- CVE-2015-6773: Out of bounds access in Skia
- CVE-2015-6774: Use-after-free in Extensions
- CVE-2015-6775: Type confusion in PDFium
- CVE-2015-6776: Out of bounds access in PDFium
- CVE-2015-6777: Use-after-free in DOM
- CVE-2015-6778: Out of bounds access in PDFium
- CVE-2015-6779: Scheme bypass in PDFium
- CVE-2015-6780: Use-after-free in Infobars
- CVE-2015-6781: Integer overflow in Sfntly
- CVE-2015-6782: Content spoofing in Omnibox
- CVE-2015-6783: Signature validation issue in Android Crazy Linker.
- CVE-2015-6784: Escaping issue in saved pages
- CVE-2015-6785: Wildcard matching issue in CSP
- CVE-2015-6786: Scheme bypass in CSP
- CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2015:2291-1
- SUSE Security Ratings
Описание
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
Затронутые продукты
Ссылки
- CVE-2015-6764
- SUSE Bug 956902
- SUSE Bug 957519
Описание
Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs.
Затронутые продукты
Ссылки
- CVE-2015-6765
- SUSE Bug 957519
Описание
Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with duplicate cache selection.
Затронутые продукты
Ссылки
- CVE-2015-6766
- SUSE Bug 957519
Описание
Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer maintenance associated with certain callbacks.
Затронутые продукты
Ссылки
- CVE-2015-6767
- SUSE Bug 957519
Описание
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.
Затронутые продукты
Ссылки
- CVE-2015-6768
- SUSE Bug 957519
Описание
The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing.
Затронутые продукты
Ссылки
- CVE-2015-6769
- SUSE Bug 957519
Описание
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.
Затронутые продукты
Ссылки
- CVE-2015-6770
- SUSE Bug 957519
Описание
js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
Затронутые продукты
Ссылки
- CVE-2015-6771
- SUSE Bug 957519
Описание
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.
Затронутые продукты
Ссылки
- CVE-2015-6772
- SUSE Bug 957519
Описание
The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics data.
Затронутые продукты
Ссылки
- CVE-2015-6773
- SUSE Bug 957519
Описание
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that modifies a pointer used for reporting loadTimes data.
Затронутые продукты
Ссылки
- CVE-2015-6774
- SUSE Bug 957519
Описание
fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
Затронутые продукты
Ссылки
- CVE-2015-6775
- SUSE Bug 957519
Описание
The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during a discrete wavelet transform.
Затронутые продукты
Ссылки
- CVE-2015-6776
- SUSE Bug 957519
Описание
Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOMCharacterDataModified events for certain detached-subtree insertions.
Затронутые продукты
Ссылки
- CVE-2015-6777
- SUSE Bug 957519
Описание
The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2 compression.
Затронутые продукты
Ссылки
- CVE-2015-6778
- SUSE Bug 957519
Описание
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL.
Затронутые продукты
Ссылки
- CVE-2015-6779
- SUSE Bug 957519
Описание
Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site, related to browser/ui/views/website_settings/website_settings_popup_view.cc.
Затронутые продукты
Ссылки
- CVE-2015-6780
- SUSE Bug 957519
Описание
Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT container.
Затронутые продукты
Ссылки
- CVE-2015-6781
- SUSE Bug 957519
Описание
The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2015-6782
- SUSE Bug 957519
Описание
The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP archive.
Затронутые продукты
Ссылки
- CVE-2015-6783
- SUSE Bug 957519
Описание
The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring.
Затронутые продукты
Ссылки
- CVE-2015-6784
- SUSE Bug 957519
Описание
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains.
Затронутые продукты
Ссылки
- CVE-2015-6785
- SUSE Bug 957519
Описание
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern.
Затронутые продукты
Ссылки
- CVE-2015-6786
- SUSE Bug 957519
Описание
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-6787
- SUSE Bug 957519
Описание
The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
Затронутые продукты
Ссылки
- CVE-2015-6788
- SUSE Bug 957519
- SUSE Bug 958481
Описание
Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.
Затронутые продукты
Ссылки
- CVE-2015-6789
- SUSE Bug 957519
- SUSE Bug 958481
Описание
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.
Затронутые продукты
Ссылки
- CVE-2015-6790
- SUSE Bug 957519
- SUSE Bug 958481
Описание
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-6791
- SUSE Bug 957519
- SUSE Bug 958481