Security update for Chromium SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2597-1 Final 1 1 2016-10-19T15:50:17Z current 2016-10-19T15:50:17Z 2016-10-19T15:50:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 54.0.2840.59 to fix security issues and bugs. The following security issues are fixed (bnc#1004465): - CVE-2016-5181: Universal XSS in Blink - CVE-2016-5182: Heap overflow in Blink - CVE-2016-5183: Use after free in PDFium - CVE-2016-5184: Use after free in PDFium - CVE-2016-5185: Use after free in Blink - CVE-2016-5187: URL spoofing - CVE-2016-5188: UI spoofing - CVE-2016-5192: Cross-origin bypass in Blink - CVE-2016-5189: URL spoofing - CVE-2016-5186: Out of bounds read in DevTools - CVE-2016-5191: Universal XSS in Bookmarks - CVE-2016-5190: Use after free in Internals - CVE-2016-5193: Scheme bypass The following bugs were fixed: - bnc#1000019: display issues in full screen mode, add --ui-disable-partial-swap to the launcher The following packaging changes are included: - The desktop sub-packages are no obsolete - The package now uses the system variants of some bundled libraries - The hangouts extension is now built The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). 5717 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ Link for SUSE-SU-2016:2597-1 E-Mail link for SUSE-SU-2016:2597-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1000019 SUSE Bug 1000019 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 https://www.suse.com/security/cve/CVE-2016-5181/ SUSE CVE CVE-2016-5181 page https://www.suse.com/security/cve/CVE-2016-5182/ SUSE CVE CVE-2016-5182 page https://www.suse.com/security/cve/CVE-2016-5183/ SUSE CVE CVE-2016-5183 page https://www.suse.com/security/cve/CVE-2016-5184/ SUSE CVE CVE-2016-5184 page https://www.suse.com/security/cve/CVE-2016-5185/ SUSE CVE CVE-2016-5185 page https://www.suse.com/security/cve/CVE-2016-5186/ SUSE CVE CVE-2016-5186 page https://www.suse.com/security/cve/CVE-2016-5187/ SUSE CVE CVE-2016-5187 page https://www.suse.com/security/cve/CVE-2016-5188/ SUSE CVE CVE-2016-5188 page https://www.suse.com/security/cve/CVE-2016-5189/ SUSE CVE CVE-2016-5189 page https://www.suse.com/security/cve/CVE-2016-5190/ SUSE CVE CVE-2016-5190 page https://www.suse.com/security/cve/CVE-2016-5191/ SUSE CVE CVE-2016-5191 page https://www.suse.com/security/cve/CVE-2016-5192/ SUSE CVE CVE-2016-5192 page https://www.suse.com/security/cve/CVE-2016-5193/ SUSE CVE CVE-2016-5193 page SUSE Package Hub 12 chromedriver-54.0.2840.59-109.1 chromium-54.0.2840.59-109.1 chromium-ffmpegsumo-54.0.2840.59-109.1 chromedriver-54.0.2840.59-109.1 as a component of SUSE Package Hub 12 chromium-54.0.2840.59-109.1 as a component of SUSE Package Hub 12 chromium-ffmpegsumo-54.0.2840.59-109.1 as a component of SUSE Package Hub 12 Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. CVE-2016-5181 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5181.html CVE-2016-5181 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages. CVE-2016-5182 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5182.html CVE-2016-5182 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files. CVE-2016-5183 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5183.html CVE-2016-5183 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files. CVE-2016-5184 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5184.html CVE-2016-5184 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. CVE-2016-5185 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5185.html CVE-2016-5185 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files. CVE-2016-5186 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5186.html CVE-2016-5186 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. CVE-2016-5187 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5187.html CVE-2016-5187 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. CVE-2016-5188 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5188.html CVE-2016-5188 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. CVE-2016-5189 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5189.html CVE-2016-5189 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. CVE-2016-5190 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5190.html CVE-2016-5190 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. CVE-2016-5191 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5191.html CVE-2016-5191 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. CVE-2016-5192 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5192.html CVE-2016-5192 https://bugzilla.suse.com/1004465 SUSE Bug 1004465 Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. CVE-2016-5193 SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-54.0.2840.59-109.1 SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/ https://www.suse.com/security/cve/CVE-2016-5193.html CVE-2016-5193 https://bugzilla.suse.com/1004465 SUSE Bug 1004465