SUSE Package Hub - openSUSE-2016-900

Update Info

openSUSE-2016-900

Security update for Chromium

Type: security

Severity: important

Issued: 2016-07-25

Description:

Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901):

- CVE-2016-1706: Sandbox escape in PPAPI
- CVE-2016-1707: URL spoofing on iOS
- CVE-2016-1708: Use-after-free in Extensions
- CVE-2016-1709: Heap-buffer-overflow in sfntly
- CVE-2016-1710: Same-origin bypass in Blink
- CVE-2016-1711: Same-origin bypass in Blink
- CVE-2016-5127: Use-after-free in Blink
- CVE-2016-5128: Same-origin bypass in V8
- CVE-2016-5129: Memory corruption in V8
- CVE-2016-5130: URL spoofing
- CVE-2016-5131: Use-after-free in libxml
- CVE-2016-5132: Limited same-origin bypass in Service Workers
- CVE-2016-5133: Origin confusion in proxy authentication
- CVE-2016-5134: URL leakage via PAC script
- CVE-2016-5135: Content-Security-Policy bypass
- CVE-2016-5136: Use after free in extensions
- CVE-2016-5137: History sniffing with HSTS and CSP
- CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives

References

CVE: CVE-2016-5137
CVE: CVE-2016-5136
CVE: CVE-2016-5135
CVE: CVE-2016-5134
CVE: CVE-2016-5133
CVE: CVE-2016-5132
CVE: CVE-2016-5131
CVE: CVE-2016-5130
CVE: CVE-2016-5129
CVE: CVE-2016-5128
CVE: CVE-2016-5127
CVE: CVE-2016-1711
CVE: CVE-2016-1710
CVE: CVE-2016-1709
CVE: CVE-2016-1708
CVE: CVE-2016-1707
CVE: CVE-2016-1706
CVE: CVE-2016-1705
Bugzilla: 989901 VUL-0: New Chromium release 52.0.2743.82 available that includes 48 security fixes

Packages

chromium-52.0.2743.82-89.1