Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2228-1 Final 1 1 2019-10-01T08:20:14Z current 2019-10-01T08:20:14Z 2019-10-01T08:20:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium to version 77.0.3865.90 fixes the following issues: - CVE-2019-13685: Fixed a use-after-free in UI. (boo#1151229) - CVE-2019-13688: Fixed a use-after-free in media. (boo#1151229) - CVE-2019-13687: Fixed a use-after-free in media. (boo#1151229) - CVE-2019-13686: Fixed a use-after-free in offline pages. (boo#1151229) This update was imported from the openSUSE:Leap:15.0:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2228 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00001.html E-Mail link for openSUSE-SU-2019:2228-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1151229 SUSE Bug 1151229 https://www.suse.com/security/cve/CVE-2019-13685/ SUSE CVE CVE-2019-13685 page https://www.suse.com/security/cve/CVE-2019-13686/ SUSE CVE CVE-2019-13686 page https://www.suse.com/security/cve/CVE-2019-13687/ SUSE CVE CVE-2019-13687 page https://www.suse.com/security/cve/CVE-2019-13688/ SUSE CVE CVE-2019-13688 page SUSE Package Hub 15 chromedriver-77.0.3865.90-bp150.234.1 chromium-77.0.3865.90-bp150.234.1 chromedriver-77.0.3865.90-bp150.234.1 as a component of SUSE Package Hub 15 chromium-77.0.3865.90-bp150.234.1 as a component of SUSE Package Hub 15 Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13685 SUSE Package Hub 15:chromedriver-77.0.3865.90-bp150.234.1 SUSE Package Hub 15:chromium-77.0.3865.90-bp150.234.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00001.html https://www.suse.com/security/cve/CVE-2019-13685.html CVE-2019-13685 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13686 SUSE Package Hub 15:chromedriver-77.0.3865.90-bp150.234.1 SUSE Package Hub 15:chromium-77.0.3865.90-bp150.234.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00001.html https://www.suse.com/security/cve/CVE-2019-13686.html CVE-2019-13686 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13687 SUSE Package Hub 15:chromedriver-77.0.3865.90-bp150.234.1 SUSE Package Hub 15:chromium-77.0.3865.90-bp150.234.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00001.html https://www.suse.com/security/cve/CVE-2019-13687.html CVE-2019-13687 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13688 SUSE Package Hub 15:chromedriver-77.0.3865.90-bp150.234.1 SUSE Package Hub 15:chromium-77.0.3865.90-bp150.234.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00001.html https://www.suse.com/security/cve/CVE-2019-13688.html CVE-2019-13688 https://bugzilla.suse.com/1151229 SUSE Bug 1151229