Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2313-1 Final 1 1 2019-10-14T04:19:47Z current 2019-10-14T04:19:47Z 2019-10-14T04:19:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: - Update to 77.0.3865.120 (boo#1153660): - CVE-2019-13693: Fixed a use-after-free in IndexedDB - CVE-2019-13694: Fixed a use-after-free in WebRTC - CVE-2019-13695: Fixed a use-after-free in audio - CVE-2019-13696: Fixed a use-after-free in V8 - CVE-2019-13697: Fixed a cross-origin size leak. - Fixed an issue with the video playback on Intel Kaby Lake and later (boo#1146219). This update was imported from the openSUSE:Leap:15.0:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2313 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00040.html E-Mail link for openSUSE-SU-2019:2313-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1146219 SUSE Bug 1146219 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 https://www.suse.com/security/cve/CVE-2019-13693/ SUSE CVE CVE-2019-13693 page https://www.suse.com/security/cve/CVE-2019-13694/ SUSE CVE CVE-2019-13694 page https://www.suse.com/security/cve/CVE-2019-13695/ SUSE CVE CVE-2019-13695 page https://www.suse.com/security/cve/CVE-2019-13696/ SUSE CVE CVE-2019-13696 page https://www.suse.com/security/cve/CVE-2019-13697/ SUSE CVE CVE-2019-13697 page SUSE Package Hub 15 chromedriver-77.0.3865.120-bp150.237.1 chromium-77.0.3865.120-bp150.237.1 chromedriver-77.0.3865.120-bp150.237.1 as a component of SUSE Package Hub 15 chromium-77.0.3865.120-bp150.237.1 as a component of SUSE Package Hub 15 Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. CVE-2019-13693 SUSE Package Hub 15:chromedriver-77.0.3865.120-bp150.237.1 SUSE Package Hub 15:chromium-77.0.3865.120-bp150.237.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00040.html https://www.suse.com/security/cve/CVE-2019-13693.html CVE-2019-13693 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13694 SUSE Package Hub 15:chromedriver-77.0.3865.120-bp150.237.1 SUSE Package Hub 15:chromium-77.0.3865.120-bp150.237.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00040.html https://www.suse.com/security/cve/CVE-2019-13694.html CVE-2019-13694 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13695 SUSE Package Hub 15:chromedriver-77.0.3865.120-bp150.237.1 SUSE Package Hub 15:chromium-77.0.3865.120-bp150.237.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00040.html https://www.suse.com/security/cve/CVE-2019-13695.html CVE-2019-13695 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13696 SUSE Package Hub 15:chromedriver-77.0.3865.120-bp150.237.1 SUSE Package Hub 15:chromium-77.0.3865.120-bp150.237.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00040.html https://www.suse.com/security/cve/CVE-2019-13696.html CVE-2019-13696 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13697 SUSE Package Hub 15:chromedriver-77.0.3865.120-bp150.237.1 SUSE Package Hub 15:chromium-77.0.3865.120-bp150.237.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00040.html https://www.suse.com/security/cve/CVE-2019-13697.html CVE-2019-13697 https://bugzilla.suse.com/1153660 SUSE Bug 1153660