Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2447-1 Final 1 1 2019-11-06T17:25:26Z current 2019-11-06T17:25:26Z 2019-11-06T17:25:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium was updated to 78.0.3904.87: (boo#1155643,boo#1154806,boo#1153660, boo#1151229,boo#1149143,boo#1145242,boo#1143492) Security issues fixed with this version update: * CVE-2019-13721: Use-after-free in PDFium * CVE-2019-13720: Use-after-free in audio * CVE-2019-13699: Use-after-free in media * CVE-2019-13700: Buffer overrun in Blink * CVE-2019-13701: URL spoof in navigation * CVE-2019-13702: Privilege elevation in Installer * CVE-2019-13703: URL bar spoofing * CVE-2019-13704: CSP bypass * CVE-2019-13705: Extension permission bypass * CVE-2019-13706: Out-of-bounds read in PDFium * CVE-2019-13707: File storage disclosure * CVE-2019-13708: HTTP authentication spoof * CVE-2019-13709: File download protection bypass * CVE-2019-13710: File download protection bypass * CVE-2019-13711: Cross-context information leak * CVE-2019-15903: Buffer overflow in expat * CVE-2019-13713: Cross-origin data leak * CVE-2019-13714: CSS injection * CVE-2019-13715: Address bar spoofing * CVE-2019-13716: Service worker state error * CVE-2019-13717: Notification obscured * CVE-2019-13718: IDN spoof * CVE-2019-13719: Notification obscured * CVE-2019-13693: Use-after-free in IndexedDB * CVE-2019-13694: Use-after-free in WebRTC * CVE-2019-13695: Use-after-free in audio * CVE-2019-13696: Use-after-free in V8 * CVE-2019-13697: Cross-origin size leak. * CVE-2019-13685: Use-after-free in UI * CVE-2019-13688: Use-after-free in media * CVE-2019-13687: Use-after-free in media * CVE-2019-13686: Use-after-free in offline pages * CVE-2019-5870: Use-after-free in media * CVE-2019-5871: Heap overflow in Skia * CVE-2019-5872: Use-after-free in Mojo * CVE-2019-5874: External URIs may trigger other browsers * CVE-2019-5875: URL bar spoof via download redirect * CVE-2019-5876: Use-after-free in media * CVE-2019-5877: Out-of-bounds access in V8 * CVE-2019-5878: Use-after-free in V8 * CVE-2019-5879: Extension can bypass same origin policy * CVE-2019-5880: SameSite cookie bypass * CVE-2019-5881: Arbitrary read in SwiftShader * CVE-2019-13659: URL spoof * CVE-2019-13660: Full screen notification overlap * CVE-2019-13661: Full screen notification spoof * CVE-2019-13662: CSP bypass * CVE-2019-13663: IDN spoof * CVE-2019-13664: CSRF bypass * CVE-2019-13665: Multiple file download protection bypass * CVE-2019-13666: Side channel using storage size estimate * CVE-2019-13667: URI bar spoof when using external app URIs * CVE-2019-13668: Global window leak via console * CVE-2019-13669: HTTP authentication spoof * CVE-2019-13670: V8 memory corruption in regex * CVE-2019-13671: Dialog box fails to show origin * CVE-2019-13673: Cross-origin information leak using devtools * CVE-2019-13674: IDN spoofing * CVE-2019-13675: Extensions can be disabled by trailing slash * CVE-2019-13676: Google URI shown for certificate warning * CVE-2019-13677: Chrome web store origin needs to be isolated * CVE-2019-13678: Download dialog spoofing * CVE-2019-13679: User gesture needed for printing * CVE-2019-13680: IP address spoofing to servers * CVE-2019-13681: Bypass on download restrictions * CVE-2019-13682: Site isolation bypass * CVE-2019-13683: Exceptions leaked by devtools * CVE-2019-5869: Use-after-free in Blink * CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction * CVE-2019-5867: Out-of-bounds read in V8 * CVE-2019-5850: Use-after-free in offline page fetcher * CVE-2019-5860: Use-after-free in PDFium * CVE-2019-5853: Memory corruption in regexp length check * CVE-2019-5851: Use-after-poison in offline audio context * CVE-2019-5859: res: URIs can load alternative browsers * CVE-2019-5856: Insufficient checks on filesystem: URI permissions * CVE-2019-5855: Integer overflow in PDFium * CVE-2019-5865: Site isolation bypass from compromised renderer * CVE-2019-5858: Insufficient filtering of Open URL service parameters * CVE-2019-5864: Insufficient port filtering in CORS for extensions * CVE-2019-5862: AppCache not robust to compromised renderers * CVE-2019-5861: Click location incorrectly checked * CVE-2019-5857: Comparison of -0 and null yields crash * CVE-2019-5854: Integer overflow in PDFium text rendering * CVE-2019-5852: Object leak of utility functions The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2447 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html E-Mail link for openSUSE-SU-2019:2447-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1143492 SUSE Bug 1143492 https://bugzilla.suse.com/1144625 SUSE Bug 1144625 https://bugzilla.suse.com/1145242 SUSE Bug 1145242 https://bugzilla.suse.com/1146219 SUSE Bug 1146219 https://bugzilla.suse.com/1149143 SUSE Bug 1149143 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 https://bugzilla.suse.com/1155643 SUSE Bug 1155643 https://www.suse.com/security/cve/CVE-2019-13659/ SUSE CVE CVE-2019-13659 page https://www.suse.com/security/cve/CVE-2019-13660/ SUSE CVE CVE-2019-13660 page https://www.suse.com/security/cve/CVE-2019-13661/ SUSE CVE CVE-2019-13661 page https://www.suse.com/security/cve/CVE-2019-13662/ SUSE CVE CVE-2019-13662 page https://www.suse.com/security/cve/CVE-2019-13663/ SUSE CVE CVE-2019-13663 page https://www.suse.com/security/cve/CVE-2019-13664/ SUSE CVE CVE-2019-13664 page https://www.suse.com/security/cve/CVE-2019-13665/ SUSE CVE CVE-2019-13665 page https://www.suse.com/security/cve/CVE-2019-13666/ SUSE CVE CVE-2019-13666 page https://www.suse.com/security/cve/CVE-2019-13667/ SUSE CVE CVE-2019-13667 page https://www.suse.com/security/cve/CVE-2019-13668/ SUSE CVE CVE-2019-13668 page https://www.suse.com/security/cve/CVE-2019-13669/ SUSE CVE CVE-2019-13669 page https://www.suse.com/security/cve/CVE-2019-13670/ SUSE CVE CVE-2019-13670 page https://www.suse.com/security/cve/CVE-2019-13671/ SUSE CVE CVE-2019-13671 page https://www.suse.com/security/cve/CVE-2019-13673/ SUSE CVE CVE-2019-13673 page https://www.suse.com/security/cve/CVE-2019-13674/ SUSE CVE CVE-2019-13674 page https://www.suse.com/security/cve/CVE-2019-13675/ SUSE CVE CVE-2019-13675 page https://www.suse.com/security/cve/CVE-2019-13676/ SUSE CVE CVE-2019-13676 page https://www.suse.com/security/cve/CVE-2019-13677/ SUSE CVE CVE-2019-13677 page https://www.suse.com/security/cve/CVE-2019-13678/ SUSE CVE CVE-2019-13678 page https://www.suse.com/security/cve/CVE-2019-13679/ SUSE CVE CVE-2019-13679 page https://www.suse.com/security/cve/CVE-2019-13680/ SUSE CVE CVE-2019-13680 page https://www.suse.com/security/cve/CVE-2019-13681/ SUSE CVE CVE-2019-13681 page https://www.suse.com/security/cve/CVE-2019-13682/ SUSE CVE CVE-2019-13682 page https://www.suse.com/security/cve/CVE-2019-13683/ SUSE CVE CVE-2019-13683 page https://www.suse.com/security/cve/CVE-2019-13685/ SUSE CVE CVE-2019-13685 page https://www.suse.com/security/cve/CVE-2019-13686/ SUSE CVE CVE-2019-13686 page https://www.suse.com/security/cve/CVE-2019-13687/ SUSE CVE CVE-2019-13687 page https://www.suse.com/security/cve/CVE-2019-13688/ SUSE CVE CVE-2019-13688 page https://www.suse.com/security/cve/CVE-2019-13693/ SUSE CVE CVE-2019-13693 page https://www.suse.com/security/cve/CVE-2019-13694/ SUSE CVE CVE-2019-13694 page https://www.suse.com/security/cve/CVE-2019-13695/ SUSE CVE CVE-2019-13695 page https://www.suse.com/security/cve/CVE-2019-13696/ SUSE CVE CVE-2019-13696 page https://www.suse.com/security/cve/CVE-2019-13697/ SUSE CVE CVE-2019-13697 page https://www.suse.com/security/cve/CVE-2019-13699/ SUSE CVE CVE-2019-13699 page https://www.suse.com/security/cve/CVE-2019-13700/ SUSE CVE CVE-2019-13700 page https://www.suse.com/security/cve/CVE-2019-13701/ SUSE CVE CVE-2019-13701 page https://www.suse.com/security/cve/CVE-2019-13702/ SUSE CVE CVE-2019-13702 page https://www.suse.com/security/cve/CVE-2019-13703/ SUSE CVE CVE-2019-13703 page https://www.suse.com/security/cve/CVE-2019-13704/ SUSE CVE CVE-2019-13704 page https://www.suse.com/security/cve/CVE-2019-13705/ SUSE CVE CVE-2019-13705 page https://www.suse.com/security/cve/CVE-2019-13706/ SUSE CVE CVE-2019-13706 page https://www.suse.com/security/cve/CVE-2019-13707/ SUSE CVE CVE-2019-13707 page https://www.suse.com/security/cve/CVE-2019-13708/ SUSE CVE CVE-2019-13708 page https://www.suse.com/security/cve/CVE-2019-13709/ SUSE CVE CVE-2019-13709 page https://www.suse.com/security/cve/CVE-2019-13710/ SUSE CVE CVE-2019-13710 page https://www.suse.com/security/cve/CVE-2019-13711/ SUSE CVE CVE-2019-13711 page https://www.suse.com/security/cve/CVE-2019-13713/ SUSE CVE CVE-2019-13713 page https://www.suse.com/security/cve/CVE-2019-13714/ SUSE CVE CVE-2019-13714 page https://www.suse.com/security/cve/CVE-2019-13715/ SUSE CVE CVE-2019-13715 page https://www.suse.com/security/cve/CVE-2019-13716/ SUSE CVE CVE-2019-13716 page https://www.suse.com/security/cve/CVE-2019-13717/ SUSE CVE CVE-2019-13717 page https://www.suse.com/security/cve/CVE-2019-13718/ SUSE CVE CVE-2019-13718 page https://www.suse.com/security/cve/CVE-2019-13719/ SUSE CVE CVE-2019-13719 page https://www.suse.com/security/cve/CVE-2019-13720/ SUSE CVE CVE-2019-13720 page https://www.suse.com/security/cve/CVE-2019-13721/ SUSE CVE CVE-2019-13721 page https://www.suse.com/security/cve/CVE-2019-15903/ SUSE CVE CVE-2019-15903 page https://www.suse.com/security/cve/CVE-2019-5850/ SUSE CVE CVE-2019-5850 page https://www.suse.com/security/cve/CVE-2019-5851/ SUSE CVE CVE-2019-5851 page https://www.suse.com/security/cve/CVE-2019-5852/ SUSE CVE CVE-2019-5852 page https://www.suse.com/security/cve/CVE-2019-5853/ SUSE CVE CVE-2019-5853 page https://www.suse.com/security/cve/CVE-2019-5854/ SUSE CVE CVE-2019-5854 page https://www.suse.com/security/cve/CVE-2019-5855/ SUSE CVE CVE-2019-5855 page https://www.suse.com/security/cve/CVE-2019-5856/ SUSE CVE CVE-2019-5856 page https://www.suse.com/security/cve/CVE-2019-5857/ SUSE CVE CVE-2019-5857 page https://www.suse.com/security/cve/CVE-2019-5858/ SUSE CVE CVE-2019-5858 page https://www.suse.com/security/cve/CVE-2019-5859/ SUSE CVE CVE-2019-5859 page https://www.suse.com/security/cve/CVE-2019-5860/ SUSE CVE CVE-2019-5860 page https://www.suse.com/security/cve/CVE-2019-5861/ SUSE CVE CVE-2019-5861 page https://www.suse.com/security/cve/CVE-2019-5862/ SUSE CVE CVE-2019-5862 page https://www.suse.com/security/cve/CVE-2019-5863/ SUSE CVE CVE-2019-5863 page https://www.suse.com/security/cve/CVE-2019-5864/ SUSE CVE CVE-2019-5864 page https://www.suse.com/security/cve/CVE-2019-5865/ SUSE CVE CVE-2019-5865 page https://www.suse.com/security/cve/CVE-2019-5867/ SUSE CVE CVE-2019-5867 page https://www.suse.com/security/cve/CVE-2019-5868/ SUSE CVE CVE-2019-5868 page https://www.suse.com/security/cve/CVE-2019-5869/ SUSE CVE CVE-2019-5869 page https://www.suse.com/security/cve/CVE-2019-5870/ SUSE CVE CVE-2019-5870 page https://www.suse.com/security/cve/CVE-2019-5871/ SUSE CVE CVE-2019-5871 page https://www.suse.com/security/cve/CVE-2019-5872/ SUSE CVE CVE-2019-5872 page https://www.suse.com/security/cve/CVE-2019-5874/ SUSE CVE CVE-2019-5874 page https://www.suse.com/security/cve/CVE-2019-5875/ SUSE CVE CVE-2019-5875 page https://www.suse.com/security/cve/CVE-2019-5876/ SUSE CVE CVE-2019-5876 page https://www.suse.com/security/cve/CVE-2019-5877/ SUSE CVE CVE-2019-5877 page https://www.suse.com/security/cve/CVE-2019-5878/ SUSE CVE CVE-2019-5878 page https://www.suse.com/security/cve/CVE-2019-5879/ SUSE CVE CVE-2019-5879 page https://www.suse.com/security/cve/CVE-2019-5880/ SUSE CVE CVE-2019-5880 page https://www.suse.com/security/cve/CVE-2019-5881/ SUSE CVE CVE-2019-5881 page SUSE Package Hub 12 SP3 chromedriver-78.0.3904.87-10.1 chromium-78.0.3904.87-10.1 chromedriver-78.0.3904.87-10.1 as a component of SUSE Package Hub 12 SP3 chromium-78.0.3904.87-10.1 as a component of SUSE Package Hub 12 SP3 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13659 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13659.html CVE-2019-13659 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. CVE-2019-13660 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13660.html CVE-2019-13660 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. CVE-2019-13661 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13661.html CVE-2019-13661 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-13662 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13662.html CVE-2019-13662 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13663 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13663.html CVE-2019-13663 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-13664 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13664.html CVE-2019-13664 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. CVE-2019-13665 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13665.html CVE-2019-13665 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13666 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13666.html CVE-2019-13666 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13667 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13667.html CVE-2019-13667 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13668 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13668.html CVE-2019-13668 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13669 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13669.html CVE-2019-13669 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13670 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13670.html CVE-2019-13670 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2019-13671 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13671.html CVE-2019-13671 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13673 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13673.html CVE-2019-13673 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13674 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13674.html CVE-2019-13674 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. CVE-2019-13675 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13675.html CVE-2019-13675 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13676 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13676.html CVE-2019-13676 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2019-13677 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13677.html CVE-2019-13677 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13678 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13678.html CVE-2019-13678 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. CVE-2019-13679 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13679.html CVE-2019-13679 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections. CVE-2019-13680 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13680.html CVE-2019-13680 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. CVE-2019-13681 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13681.html CVE-2019-13681 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2019-13682 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13682.html CVE-2019-13682 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13683 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13683.html CVE-2019-13683 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13685 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13685.html CVE-2019-13685 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13686 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13686.html CVE-2019-13686 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13687 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13687.html CVE-2019-13687 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13688 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13688.html CVE-2019-13688 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. CVE-2019-13693 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13693.html CVE-2019-13693 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13694 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13694.html CVE-2019-13694 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13695 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13695.html CVE-2019-13695 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13696 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13696.html CVE-2019-13696 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13697 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13697.html CVE-2019-13697 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13699 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13699.html CVE-2019-13699 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13700 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13700.html CVE-2019-13700 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13701 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13701.html CVE-2019-13701 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. CVE-2019-13702 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13702.html CVE-2019-13702 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13703 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13703.html CVE-2019-13703 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-13704 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13704.html CVE-2019-13704 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. CVE-2019-13705 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13705.html CVE-2019-13705 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-13706 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13706.html CVE-2019-13706 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application. CVE-2019-13707 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13707.html CVE-2019-13707 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13708 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13708.html CVE-2019-13708 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. CVE-2019-13709 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13709.html CVE-2019-13709 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. CVE-2019-13710 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13710.html CVE-2019-13710 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13711 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13711.html CVE-2019-13711 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13713 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13713.html CVE-2019-13713 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL. CVE-2019-13714 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13714.html CVE-2019-13714 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13715 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13715.html CVE-2019-13715 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-13716 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13716.html CVE-2019-13716 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. CVE-2019-13717 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13717.html CVE-2019-13717 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13718 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13718.html CVE-2019-13718 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. CVE-2019-13719 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13719.html CVE-2019-13719 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13720 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13720.html CVE-2019-13720 https://bugzilla.suse.com/1155643 SUSE Bug 1155643 Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13721 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-13721.html CVE-2019-13721 https://bugzilla.suse.com/1155643 SUSE Bug 1155643 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. CVE-2019-15903 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-15903.html CVE-2019-15903 https://bugzilla.suse.com/1149429 SUSE Bug 1149429 https://bugzilla.suse.com/1154738 SUSE Bug 1154738 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2019-5850 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5850.html CVE-2019-5850 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5851 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5851.html CVE-2019-5851 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-5852 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5852.html CVE-2019-5852 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5853 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5853.html CVE-2019-5853 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5854 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5854.html CVE-2019-5854 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5855 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5855.html CVE-2019-5855 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2019-5856 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5856.html CVE-2019-5856 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2019-5857 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5857.html CVE-2019-5857 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page. CVE-2019-5858 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5858.html CVE-2019-5858 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5859 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5859.html CVE-2019-5859 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5860 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5860.html CVE-2019-5860 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. CVE-2019-5861 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5861.html CVE-2019-5861 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2019-5862 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5862.html CVE-2019-5862 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2019-5863 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5863.html CVE-2019-5863 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. CVE-2019-5864 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5864.html CVE-2019-5864 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2019-5865 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5865.html CVE-2019-5865 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5867 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5867.html CVE-2019-5867 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 https://bugzilla.suse.com/1145242 SUSE Bug 1145242 Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5868 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5868.html CVE-2019-5868 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 https://bugzilla.suse.com/1145242 SUSE Bug 1145242 Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5869 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5869.html CVE-2019-5869 https://bugzilla.suse.com/1149143 SUSE Bug 1149143 Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2019-5870 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5870.html CVE-2019-5870 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5871 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5871.html CVE-2019-5871 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5872 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5872.html CVE-2019-5872 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5874 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5874.html CVE-2019-5874 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-5875 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5875.html CVE-2019-5875 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5876 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5876.html CVE-2019-5876 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5877 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5877.html CVE-2019-5877 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5878 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5878.html CVE-2019-5878 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. CVE-2019-5879 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5879.html CVE-2019-5879 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5880 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5880.html CVE-2019-5880 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-5881 SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1 SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html https://www.suse.com/security/cve/CVE-2019-5881.html CVE-2019-5881 https://bugzilla.suse.com/1150425 SUSE Bug 1150425