Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0204-1 Final 1 1 2019-03-23T11:00:36Z current 2019-03-23T11:00:36Z 2019-03-23T11:00:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for Chromium to version 72.0.3626.96 fixes the following issues: Security issues fixed (bsc#1123641 and bsc#1124936): - CVE-2019-5784: Inappropriate implementation in V8 - CVE-2019-5754: Inappropriate implementation in QUIC Networking. - CVE-2019-5782: Inappropriate implementation in V8. - CVE-2019-5755: Inappropriate implementation in V8. - CVE-2019-5756: Use after free in PDFium. - CVE-2019-5757: Type Confusion in SVG. - CVE-2019-5758: Use after free in Blink. - CVE-2019-5759: Use after free in HTML select elements. - CVE-2019-5760: Use after free in WebRTC. - CVE-2019-5761: Use after free in SwiftShader. - CVE-2019-5762: Use after free in PDFium. - CVE-2019-5763: Insufficient validation of untrusted input in V8. - CVE-2019-5764: Use after free in WebRTC. - CVE-2019-5765: Insufficient policy enforcement in the browser. - CVE-2019-5766: Insufficient policy enforcement in Canvas. - CVE-2019-5767: Incorrect security UI in WebAPKs. - CVE-2019-5768: Insufficient policy enforcement in DevTools. - CVE-2019-5769: Insufficient validation of untrusted input in Blink. - CVE-2019-5770: Heap buffer overflow in WebGL. - CVE-2019-5771: Heap buffer overflow in SwiftShader. - CVE-2019-5772: Use after free in PDFium. - CVE-2019-5773: Insufficient data validation in IndexedDB. - CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing. - CVE-2019-5775: Insufficient policy enforcement in Omnibox. - CVE-2019-5776: Insufficient policy enforcement in Omnibox. - CVE-2019-5777: Insufficient policy enforcement in Omnibox. - CVE-2019-5778: Insufficient policy enforcement in Extensions. - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker. - CVE-2019-5780: Insufficient policy enforcement. - CVE-2019-5781: Insufficient policy enforcement in Omnibox. For a full list of changes refer to https://chromereleases.googleblog.com/2019/02/stable-channel-update-for-desktop.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-204 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html E-Mail link for openSUSE-SU-2019:0204-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1123641 SUSE Bug 1123641 https://bugzilla.suse.com/1124936 SUSE Bug 1124936 https://www.suse.com/security/cve/CVE-2019-5754/ SUSE CVE CVE-2019-5754 page https://www.suse.com/security/cve/CVE-2019-5755/ SUSE CVE CVE-2019-5755 page https://www.suse.com/security/cve/CVE-2019-5756/ SUSE CVE CVE-2019-5756 page https://www.suse.com/security/cve/CVE-2019-5757/ SUSE CVE CVE-2019-5757 page https://www.suse.com/security/cve/CVE-2019-5758/ SUSE CVE CVE-2019-5758 page https://www.suse.com/security/cve/CVE-2019-5759/ SUSE CVE CVE-2019-5759 page https://www.suse.com/security/cve/CVE-2019-5760/ SUSE CVE CVE-2019-5760 page https://www.suse.com/security/cve/CVE-2019-5761/ SUSE CVE CVE-2019-5761 page https://www.suse.com/security/cve/CVE-2019-5762/ SUSE CVE CVE-2019-5762 page https://www.suse.com/security/cve/CVE-2019-5763/ SUSE CVE CVE-2019-5763 page https://www.suse.com/security/cve/CVE-2019-5764/ SUSE CVE CVE-2019-5764 page https://www.suse.com/security/cve/CVE-2019-5765/ SUSE CVE CVE-2019-5765 page https://www.suse.com/security/cve/CVE-2019-5766/ SUSE CVE CVE-2019-5766 page https://www.suse.com/security/cve/CVE-2019-5767/ SUSE CVE CVE-2019-5767 page https://www.suse.com/security/cve/CVE-2019-5768/ SUSE CVE CVE-2019-5768 page https://www.suse.com/security/cve/CVE-2019-5769/ SUSE CVE CVE-2019-5769 page https://www.suse.com/security/cve/CVE-2019-5770/ SUSE CVE CVE-2019-5770 page https://www.suse.com/security/cve/CVE-2019-5771/ SUSE CVE CVE-2019-5771 page https://www.suse.com/security/cve/CVE-2019-5772/ SUSE CVE CVE-2019-5772 page https://www.suse.com/security/cve/CVE-2019-5773/ SUSE CVE CVE-2019-5773 page https://www.suse.com/security/cve/CVE-2019-5774/ SUSE CVE CVE-2019-5774 page https://www.suse.com/security/cve/CVE-2019-5775/ SUSE CVE CVE-2019-5775 page https://www.suse.com/security/cve/CVE-2019-5776/ SUSE CVE CVE-2019-5776 page https://www.suse.com/security/cve/CVE-2019-5777/ SUSE CVE CVE-2019-5777 page https://www.suse.com/security/cve/CVE-2019-5778/ SUSE CVE CVE-2019-5778 page https://www.suse.com/security/cve/CVE-2019-5779/ SUSE CVE CVE-2019-5779 page https://www.suse.com/security/cve/CVE-2019-5780/ SUSE CVE CVE-2019-5780 page https://www.suse.com/security/cve/CVE-2019-5781/ SUSE CVE CVE-2019-5781 page https://www.suse.com/security/cve/CVE-2019-5782/ SUSE CVE CVE-2019-5782 page https://www.suse.com/security/cve/CVE-2019-5784/ SUSE CVE CVE-2019-5784 page openSUSE Leap 15.0 chromedriver-72.0.3626.96-lp150.2.41.1 chromium-72.0.3626.96-lp150.2.41.1 chromedriver-72.0.3626.96-lp150.2.41.1 as a component of openSUSE Leap 15.0 chromium-72.0.3626.96-lp150.2.41.1 as a component of openSUSE Leap 15.0 Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. CVE-2019-5754 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5754.html CVE-2019-5754 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. CVE-2019-5755 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5755.html CVE-2019-5755 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. CVE-2019-5756 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5756.html CVE-2019-5756 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2019-5757 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5757.html CVE-2019-5757 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5758 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5758.html CVE-2019-5758 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2019-5759 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5759.html CVE-2019-5759 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5760 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5760.html CVE-2019-5760 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5761 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5761.html CVE-2019-5761 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. CVE-2019-5762 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5762.html CVE-2019-5762 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5763 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5763.html CVE-2019-5763 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5764 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5764.html CVE-2019-5764 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. CVE-2019-5765 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5765.html CVE-2019-5765 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5766 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5766.html CVE-2019-5766 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. CVE-2019-5767 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5767.html CVE-2019-5767 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. CVE-2019-5768 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5768.html CVE-2019-5768 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5769 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5769.html CVE-2019-5769 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2019-5770 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5770.html CVE-2019-5770 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2019-5771 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5771.html CVE-2019-5771 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5772 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5772.html CVE-2019-5772 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. CVE-2019-5773 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5773.html CVE-2019-5773 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. CVE-2019-5774 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5774.html CVE-2019-5774 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-5775 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5775.html CVE-2019-5775 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-5776 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5776.html CVE-2019-5776 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-5777 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5777.html CVE-2019-5777 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. CVE-2019-5778 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5778.html CVE-2019-5778 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5779 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5779.html CVE-2019-5779 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. CVE-2019-5780 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5780.html CVE-2019-5780 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-5781 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5781.html CVE-2019-5781 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2019-5782 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5782.html CVE-2019-5782 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5784 openSUSE Leap 15.0:chromedriver-72.0.3626.96-lp150.2.41.1 openSUSE Leap 15.0:chromium-72.0.3626.96-lp150.2.41.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-updates/2019-02/msg00095.html https://www.suse.com/security/cve/CVE-2019-5784.html CVE-2019-5784 https://bugzilla.suse.com/1124936 SUSE Bug 1124936