Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:1666-1

Опубликовано: 28 июн. 2019
Источник: suse-cvrf

Описание

Security update for chromium

This update for chromium fixes the following issues:

Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287):

  • CVE-2019-5842: Use-after-free in Blink.

Also updated to 75.0.3770.80 boo#1137332:

  • CVE-2019-5828: Use after free in ServiceWorker
  • CVE-2019-5829: Use after free in Download Manager
  • CVE-2019-5830: Incorrectly credentialed requests in CORS
  • CVE-2019-5831: Incorrect map processing in V8
  • CVE-2019-5832: Incorrect CORS handling in XHR
  • CVE-2019-5833: Inconsistent security UI placemen
  • CVE-2019-5835: Out of bounds read in Swiftshader
  • CVE-2019-5836: Heap buffer overflow in Angle
  • CVE-2019-5837: Cross-origin resources size disclosure in Appcache
  • CVE-2019-5838: Overly permissive tab access in Extensions
  • CVE-2019-5839: Incorrect handling of certain code points in Blink
  • CVE-2019-5840: Popup blocker bypass
  • Various fixes from internal audits, fuzzing and other initiatives
  • CVE-2019-5834: URL spoof in Omnibox on iOS

Update to 74.0.3729.169:

  • Feature fixes update only

Update to 74.0.3729.157:

  • Various security fixes from internal audits, fuzzing and other initiatives

Includes security fixes from 74.0.3729.131 (boo#1134218):

  • CVE-2019-5827: Out-of-bounds access in SQLite
  • CVE-2019-5824: Parameter passing error in media player

Update to 74.0.3729.108 boo#1133313:

  • CVE-2019-5805: Use after free in PDFium
  • CVE-2019-5806: Integer overflow in Angle
  • CVE-2019-5807: Memory corruption in V8
  • CVE-2019-5808: Use after free in Blink
  • CVE-2019-5809: Use after free in Blink
  • CVE-2019-5810: User information disclosure in Autofill
  • CVE-2019-5811: CORS bypass in Blink
  • CVE-2019-5813: Out of bounds read in V8
  • CVE-2019-5814: CORS bypass in Blink
  • CVE-2019-5815: Heap buffer overflow in Blink
  • CVE-2019-5818: Uninitialized value in media reader
  • CVE-2019-5819: Incorrect escaping in developer tools
  • CVE-2019-5820: Integer overflow in PDFium
  • CVE-2019-5821: Integer overflow in PDFium
  • CVE-2019-5822: CORS bypass in download manager
  • CVE-2019-5823: Forced navigation from service worker
  • CVE-2019-5812: URL spoof in Omnibox on iOS
  • CVE-2019-5816: Exploit persistence extension on Android
  • CVE-2019-5817: Heap buffer overflow in Angle on Windows

Update to 73.0.3686.103:

  • Various feature fixes

Update to 73.0.3683.86:

  • Just feature fixes around
  • Update conditions to use system harfbuzz on TW+
  • Require java during build
  • Enable using pipewire when available
  • Rebase chromium-vaapi.patch to match up the Fedora one

Update to 73.0.3683.75 boo#1129059:

  • CVE-2019-5787: Use after free in Canvas.
  • CVE-2019-5788: Use after free in FileAPI.
  • CVE-2019-5789: Use after free in WebMIDI.
  • CVE-2019-5790: Heap buffer overflow in V8.
  • CVE-2019-5791: Type confusion in V8.
  • CVE-2019-5792: Integer overflow in PDFium.
  • CVE-2019-5793: Excessive permissions for private API in Extensions.
  • CVE-2019-5794: Security UI spoofing.
  • CVE-2019-5795: Integer overflow in PDFium.
  • CVE-2019-5796: Race condition in Extensions.
  • CVE-2019-5797: Race condition in DOMStorage.
  • CVE-2019-5798: Out of bounds read in Skia.
  • CVE-2019-5799: CSP bypass with blob URL.
  • CVE-2019-5800: CSP bypass with blob URL.
  • CVE-2019-5801: Incorrect Omnibox display on iOS.
  • CVE-2019-5802: Security UI spoofing.
  • CVE-2019-5803: CSP bypass with Javascript URLs'.
  • CVE-2019-5804: Command line command injection on Windows.

Список пакетов

SUSE Package Hub 12 SP3
chromedriver-75.0.3770.90-bp150.213.3
chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15
chromedriver-75.0.3770.90-bp150.213.3
chromium-75.0.3770.90-bp150.213.3
openSUSE Leap 15.0
chromedriver-75.0.3770.90-bp150.213.3
chromium-75.0.3770.90-bp150.213.3
openSUSE Leap 15.1
chromedriver-75.0.3770.90-bp150.213.3
chromium-75.0.3770.90-bp150.213.3

Ссылки

Описание

Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки

Описание

Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты
SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3
SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3
Ссылки