Описание
Security update for Chromium
Chromium was updated to 48.0.2564.82 to fix security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2016-1612: Bad cast in V8 (boo#963184)
- CVE-2016-1613: Use-after-free in PDFium (boo#963185)
- CVE-2016-1614: Information leak in Blink (boo#963186)
- CVE-2016-1615: Origin confusion in Omnibox (boo#963187)
- CVE-2016-1616: URL Spoofing (boo#963188)
- CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)
- CVE-2016-1618: Weak random number generator in Blink (boo#963190)
- CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)
- CVE-2016-1620 chromium-browser: various fixes (boo#963192)
This update also enables SSE2 support on x86_64, VA-API hardware acceleration and fixes a crash when trying to enable the Chromecast extension.
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0249-1
- SUSE Security Ratings
Описание
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.
Затронутые продукты
Ссылки
- CVE-2016-1612
- SUSE Bug 963184
Описание
Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.
Затронутые продукты
Ссылки
- CVE-2016-1613
- SUSE Bug 963185
Описание
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2016-1614
- SUSE Bug 963186
Описание
The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2016-1615
- SUSE Bug 963187
Описание
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.
Затронутые продукты
Ссылки
- CVE-2016-1616
- SUSE Bug 963188
Описание
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.
Затронутые продукты
Ссылки
- CVE-2016-1617
- SUSE Bug 963189
Описание
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2016-1618
- SUSE Bug 963190
Описание
Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.
Затронутые продукты
Ссылки
- CVE-2016-1619
- SUSE Bug 963191
Описание
Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-1620
- SUSE Bug 963192