Описание
Security update for Chromium
This update to Chromium 54.0.2840.100 fixes the following vulnerabilities:
- CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)
- CVE-2016-5200: out of bounds memory access in v8 (boo#1009893)
- CVE-2016-5201: info leak in extensions (boo#1009894)
- CVE-2016-5202: various fixes from internal audits (boo#1009895)
Список пакетов
openSUSE Leap 42.1
openSUSE Leap 42.2
Ссылки
- E-Mail link for openSUSE-SU-2016:2793-1
- SUSE Security Ratings
Описание
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
Затронутые продукты
Ссылки
- CVE-2016-5199
- SUSE Bug 1009892
Описание
V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-5200
- SUSE Bug 1009893
Описание
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2016-5201
- SUSE Bug 1009894
Описание
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy.
Затронутые продукты
Ссылки
- CVE-2016-5202
- SUSE Bug 1009895