Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0271-1 Final 1 1 2016-01-27T17:27:11Z current 2016-01-27T17:27:11Z 2016-01-27T17:27:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 48.0.2564.82 to fix security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-1612: Bad cast in V8 (boo#963184) - CVE-2016-1613: Use-after-free in PDFium (boo#963185) - CVE-2016-1614: Information leak in Blink (boo#963186) - CVE-2016-1615: Origin confusion in Omnibox (boo#963187) - CVE-2016-1616: URL Spoofing (boo#963188) - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189) - CVE-2016-1618: Weak random number generator in Blink (boo#963190) - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191) - CVE-2016-1620 chromium-browser: various fixes (boo#963192) This update also enables SSE2 support on x86_64, VA-API hardware acceleration and fixes a crash when trying to enable the Chromecast extension. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html E-Mail link for openSUSE-SU-2016:0271-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings chromedriver-48.0.2564.82-122.1 chromium-48.0.2564.82-122.1 chromium-desktop-gnome-48.0.2564.82-122.1 chromium-desktop-kde-48.0.2564.82-122.1 chromium-ffmpegsumo-48.0.2564.82-122.1 The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code. CVE-2016-1612 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html https://www.suse.com/security/cve/CVE-2016-1612.html CVE-2016-1612 https://bugzilla.suse.com/963184 SUSE Bug 963184 Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects. CVE-2016-1613 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html https://www.suse.com/security/cve/CVE-2016-1613.html CVE-2016-1613 https://bugzilla.suse.com/963185 SUSE Bug 963185 The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2016-1614 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html https://www.suse.com/security/cve/CVE-2016-1614.html CVE-2016-1614 https://bugzilla.suse.com/963186 SUSE Bug 963186 The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. CVE-2016-1615 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html https://www.suse.com/security/cve/CVE-2016-1615.html CVE-2016-1615 https://bugzilla.suse.com/963187 SUSE Bug 963187 The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. CVE-2016-1616 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html https://www.suse.com/security/cve/CVE-2016-1616.html CVE-2016-1616 https://bugzilla.suse.com/963188 SUSE Bug 963188 The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. CVE-2016-1617 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html https://www.suse.com/security/cve/CVE-2016-1617.html CVE-2016-1617 https://bugzilla.suse.com/963189 SUSE Bug 963189 Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. CVE-2016-1618 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html https://www.suse.com/security/cve/CVE-2016-1618.html CVE-2016-1618 https://bugzilla.suse.com/963190 SUSE Bug 963190 Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. CVE-2016-1619 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html https://www.suse.com/security/cve/CVE-2016-1619.html CVE-2016-1619 https://bugzilla.suse.com/963191 SUSE Bug 963191 Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1620 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html https://www.suse.com/security/cve/CVE-2016-1620.html CVE-2016-1620 https://bugzilla.suse.com/963192 SUSE Bug 963192