Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1873-1 Final 1 1 2015-09-14T15:10:35Z current 2015-09-14T15:10:35Z 2015-09-14T15:10:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to the 45.0.2454.85 of the stable channel to fix multiple security issues. The following vulnerabilities were fixed: * CVE-2015-1291: Cross-origin bypass in DOM * CVE-2015-1292: Cross-origin bypass in ServiceWorker * CVE-2015-1293: Cross-origin bypass in DOM * CVE-2015-1294: Use-after-free in Skia * CVE-2015-1295: Use-after-free in Printing * CVE-2015-1296: Character spoofing in omnibox * CVE-2015-1297: Permission scoping error in WebRequest * CVE-2015-1298: URL validation error in extensions * CVE-2015-1299: Use-after-free in Blink * CVE-2015-1300: Information leak in Blink * CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html E-Mail link for openSUSE-SU-2015:1873-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings chromedriver-45.0.2454.85-98.1 chromium-45.0.2454.85-98.1 chromium-desktop-gnome-45.0.2454.85-98.1 chromium-desktop-kde-45.0.2454.85-98.1 chromium-ffmpegsumo-45.0.2454.85-98.1 The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements. CVE-2015-1291 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1291.html CVE-2015-1291 https://bugzilla.suse.com/944144 SUSE Bug 944144 https://bugzilla.suse.com/959178 SUSE Bug 959178 The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. CVE-2015-1292 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1292.html CVE-2015-1292 https://bugzilla.suse.com/944144 SUSE Bug 944144 https://bugzilla.suse.com/959178 SUSE Bug 959178 The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2015-1293 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1293.html CVE-2015-1293 https://bugzilla.suse.com/944144 SUSE Bug 944144 Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation. CVE-2015-1294 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1294.html CVE-2015-1294 https://bugzilla.suse.com/944144 SUSE Bug 944144 https://bugzilla.suse.com/959178 SUSE Bug 959178 Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities. CVE-2015-1295 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1295.html CVE-2015-1295 https://bugzilla.suse.com/944144 SUSE Bug 944144 The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages. CVE-2015-1296 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1296.html CVE-2015-1296 https://bugzilla.suse.com/944144 SUSE Bug 944144 The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. CVE-2015-1297 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1297.html CVE-2015-1297 https://bugzilla.suse.com/944144 SUSE Bug 944144 The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. CVE-2015-1298 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1298.html CVE-2015-1298 https://bugzilla.suse.com/944144 SUSE Bug 944144 Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp. CVE-2015-1299 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1299.html CVE-2015-1299 https://bugzilla.suse.com/944144 SUSE Bug 944144 The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. CVE-2015-1300 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1300.html CVE-2015-1300 https://bugzilla.suse.com/944144 SUSE Bug 944144 Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2015-1301 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html https://www.suse.com/security/cve/CVE-2015-1301.html CVE-2015-1301 https://bugzilla.suse.com/944144 SUSE Bug 944144