[openSUSE-SU-2019:2447-1] Security update for chromium

Severity Important
Affected Packages 4
CVEs 86

Security update for chromium

This update for chromium fixes the following issues:

Chromium was updated to 78.0.3904.87:
(boo#1155643, boo#1154806, boo#1153660, boo#1151229, boo#1149143, boo#1145242, boo#1143492)

Security issues fixed with this version update:

  • CVE-2019-13721: Use-after-free in PDFium
  • CVE-2019-13720: Use-after-free in audio
  • CVE-2019-13699: Use-after-free in media
  • CVE-2019-13700: Buffer overrun in Blink
  • CVE-2019-13701: URL spoof in navigation
  • CVE-2019-13702: Privilege elevation in Installer
  • CVE-2019-13703: URL bar spoofing
  • CVE-2019-13704: CSP bypass
  • CVE-2019-13705: Extension permission bypass
  • CVE-2019-13706: Out-of-bounds read in PDFium
  • CVE-2019-13707: File storage disclosure
  • CVE-2019-13708: HTTP authentication spoof
  • CVE-2019-13709: File download protection bypass
  • CVE-2019-13710: File download protection bypass
  • CVE-2019-13711: Cross-context information leak
  • CVE-2019-15903: Buffer overflow in expat
  • CVE-2019-13713: Cross-origin data leak
  • CVE-2019-13714: CSS injection
  • CVE-2019-13715: Address bar spoofing
  • CVE-2019-13716: Service worker state error
  • CVE-2019-13717: Notification obscured
  • CVE-2019-13718: IDN spoof
  • CVE-2019-13719: Notification obscured
  • CVE-2019-13693: Use-after-free in IndexedDB
  • CVE-2019-13694: Use-after-free in WebRTC
  • CVE-2019-13695: Use-after-free in audio
  • CVE-2019-13696: Use-after-free in V8
  • CVE-2019-13697: Cross-origin size leak
  • CVE-2019-13685: Use-after-free in UI
  • CVE-2019-13688: Use-after-free in media
  • CVE-2019-13687: Use-after-free in media
  • CVE-2019-13686: Use-after-free in offline pages
  • CVE-2019-5870: Use-after-free in media
  • CVE-2019-5871: Heap overflow in Skia
  • CVE-2019-5872: Use-after-free in Mojo
  • CVE-2019-5874: External URIs may trigger other browsers
  • CVE-2019-5875: URL bar spoof via download redirect
  • CVE-2019-5876: Use-after-free in media
  • CVE-2019-5877: Out-of-bounds access in V8
  • CVE-2019-5878: Use-after-free in V8
  • CVE-2019-5879: Extension can bypass same origin policy
  • CVE-2019-5880: SameSite cookie bypass
  • CVE-2019-5881: Arbitrary read in SwiftShader
  • CVE-2019-13659: URL spoof
  • CVE-2019-13660: Full screen notification overlap
  • CVE-2019-13661: Full screen notification spoof
  • CVE-2019-13662: CSP bypass
  • CVE-2019-13663: IDN spoof
  • CVE-2019-13664: CSRF bypass
  • CVE-2019-13665: Multiple file download protection bypass
  • CVE-2019-13666: Side channel using storage size estimate
  • CVE-2019-13667: URI bar spoof when using external app URIs
  • CVE-2019-13668: Global window leak via console
  • CVE-2019-13669: HTTP authentication spoof
  • CVE-2019-13670: V8 memory corruption in regex
  • CVE-2019-13671: Dialog box fails to show origin
  • CVE-2019-13673: Cross-origin information leak using devtools
  • CVE-2019-13674: IDN spoofing
  • CVE-2019-13675: Extensions can be disabled by trailing slash
  • CVE-2019-13676: Google URI shown for certificate warning
  • CVE-2019-13677: Chrome web store origin needs to be isolated
  • CVE-2019-13678: Download dialog spoofing
  • CVE-2019-13679: User gesture needed for printing
  • CVE-2019-13680: IP address spoofing to servers
  • CVE-2019-13681: Bypass on download restrictions
  • CVE-2019-13682: Site isolation bypass
  • CVE-2019-13683: Exceptions leaked by devtools
  • CVE-2019-5869: Use-after-free in Blink
  • CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
  • CVE-2019-5867: Out-of-bounds read in V8
  • CVE-2019-5850: Use-after-free in offline page fetcher
  • CVE-2019-5860: Use-after-free in PDFium
  • CVE-2019-5853: Memory corruption in regexp length check
  • CVE-2019-5851: Use-after-poison in offline audio context
  • CVE-2019-5859: res: URIs can load alternative browsers
  • CVE-2019-5856: Insufficient checks on filesystem: URI permissions
  • CVE-2019-5855: Integer overflow in PDFium
  • CVE-2019-5865: Site isolation bypass from compromised renderer
  • CVE-2019-5858: Insufficient filtering of Open URL service parameters
  • CVE-2019-5864: Insufficient port filtering in CORS for extensions
  • CVE-2019-5862: AppCache not robust to compromised renderers
  • CVE-2019-5861: Click location incorrectly checked
  • CVE-2019-5857: Comparison of -0 and null yields crash
  • CVE-2019-5854: Integer overflow in PDFium text rendering
  • CVE-2019-5852: Object leak of utility functions

ID openSUSE-SU-2019:2447-1
Severity important
URL https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM/#QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM
Published 2019-11-06T17:25:26
Modified 2019-11-06T17:25:26
Rights Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2447-1.json
Suse URL for openSUSE-SU-2019:2447-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM/#QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM
Suse E-Mail link for openSUSE-SU-2019:2447-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM/#QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM
Bugzilla SUSE Bug 1143492 https://bugzilla.suse.com/1143492
Bugzilla SUSE Bug 1144625 https://bugzilla.suse.com/1144625
Bugzilla SUSE Bug 1145242 https://bugzilla.suse.com/1145242
Bugzilla SUSE Bug 1146219 https://bugzilla.suse.com/1146219
Bugzilla SUSE Bug 1149143 https://bugzilla.suse.com/1149143
Bugzilla SUSE Bug 1150425 https://bugzilla.suse.com/1150425
Bugzilla SUSE Bug 1151229 https://bugzilla.suse.com/1151229
Bugzilla SUSE Bug 1153660 https://bugzilla.suse.com/1153660
Bugzilla SUSE Bug 1154806 https://bugzilla.suse.com/1154806
Bugzilla SUSE Bug 1155643 https://bugzilla.suse.com/1155643
CVE SUSE CVE CVE-2019-13659 page https://www.suse.com/security/cve/CVE-2019-13659/
CVE SUSE CVE CVE-2019-13660 page https://www.suse.com/security/cve/CVE-2019-13660/
CVE SUSE CVE CVE-2019-13661 page https://www.suse.com/security/cve/CVE-2019-13661/
CVE SUSE CVE CVE-2019-13662 page https://www.suse.com/security/cve/CVE-2019-13662/
CVE SUSE CVE CVE-2019-13663 page https://www.suse.com/security/cve/CVE-2019-13663/
CVE SUSE CVE CVE-2019-13664 page https://www.suse.com/security/cve/CVE-2019-13664/
CVE SUSE CVE CVE-2019-13665 page https://www.suse.com/security/cve/CVE-2019-13665/
CVE SUSE CVE CVE-2019-13666 page https://www.suse.com/security/cve/CVE-2019-13666/
CVE SUSE CVE CVE-2019-13667 page https://www.suse.com/security/cve/CVE-2019-13667/
CVE SUSE CVE CVE-2019-13668 page https://www.suse.com/security/cve/CVE-2019-13668/
CVE SUSE CVE CVE-2019-13669 page https://www.suse.com/security/cve/CVE-2019-13669/
CVE SUSE CVE CVE-2019-13670 page https://www.suse.com/security/cve/CVE-2019-13670/
CVE SUSE CVE CVE-2019-13671 page https://www.suse.com/security/cve/CVE-2019-13671/
CVE SUSE CVE CVE-2019-13673 page https://www.suse.com/security/cve/CVE-2019-13673/
CVE SUSE CVE CVE-2019-13674 page https://www.suse.com/security/cve/CVE-2019-13674/
CVE SUSE CVE CVE-2019-13675 page https://www.suse.com/security/cve/CVE-2019-13675/
CVE SUSE CVE CVE-2019-13676 page https://www.suse.com/security/cve/CVE-2019-13676/
CVE SUSE CVE CVE-2019-13677 page https://www.suse.com/security/cve/CVE-2019-13677/
CVE SUSE CVE CVE-2019-13678 page https://www.suse.com/security/cve/CVE-2019-13678/
CVE SUSE CVE CVE-2019-13679 page https://www.suse.com/security/cve/CVE-2019-13679/
CVE SUSE CVE CVE-2019-13680 page https://www.suse.com/security/cve/CVE-2019-13680/
CVE SUSE CVE CVE-2019-13681 page https://www.suse.com/security/cve/CVE-2019-13681/
CVE SUSE CVE CVE-2019-13682 page https://www.suse.com/security/cve/CVE-2019-13682/
CVE SUSE CVE CVE-2019-13683 page https://www.suse.com/security/cve/CVE-2019-13683/
CVE SUSE CVE CVE-2019-13685 page https://www.suse.com/security/cve/CVE-2019-13685/
CVE SUSE CVE CVE-2019-13686 page https://www.suse.com/security/cve/CVE-2019-13686/
CVE SUSE CVE CVE-2019-13687 page https://www.suse.com/security/cve/CVE-2019-13687/
CVE SUSE CVE CVE-2019-13688 page https://www.suse.com/security/cve/CVE-2019-13688/
CVE SUSE CVE CVE-2019-13693 page https://www.suse.com/security/cve/CVE-2019-13693/
CVE SUSE CVE CVE-2019-13694 page https://www.suse.com/security/cve/CVE-2019-13694/
CVE SUSE CVE CVE-2019-13695 page https://www.suse.com/security/cve/CVE-2019-13695/
CVE SUSE CVE CVE-2019-13696 page https://www.suse.com/security/cve/CVE-2019-13696/
CVE SUSE CVE CVE-2019-13697 page https://www.suse.com/security/cve/CVE-2019-13697/
CVE SUSE CVE CVE-2019-13699 page https://www.suse.com/security/cve/CVE-2019-13699/
CVE SUSE CVE CVE-2019-13700 page https://www.suse.com/security/cve/CVE-2019-13700/
CVE SUSE CVE CVE-2019-13701 page https://www.suse.com/security/cve/CVE-2019-13701/
CVE SUSE CVE CVE-2019-13702 page https://www.suse.com/security/cve/CVE-2019-13702/
CVE SUSE CVE CVE-2019-13703 page https://www.suse.com/security/cve/CVE-2019-13703/
CVE SUSE CVE CVE-2019-13704 page https://www.suse.com/security/cve/CVE-2019-13704/
CVE SUSE CVE CVE-2019-13705 page https://www.suse.com/security/cve/CVE-2019-13705/
CVE SUSE CVE CVE-2019-13706 page https://www.suse.com/security/cve/CVE-2019-13706/
CVE SUSE CVE CVE-2019-13707 page https://www.suse.com/security/cve/CVE-2019-13707/
CVE SUSE CVE CVE-2019-13708 page https://www.suse.com/security/cve/CVE-2019-13708/
CVE SUSE CVE CVE-2019-13709 page https://www.suse.com/security/cve/CVE-2019-13709/
CVE SUSE CVE CVE-2019-13710 page https://www.suse.com/security/cve/CVE-2019-13710/
CVE SUSE CVE CVE-2019-13711 page https://www.suse.com/security/cve/CVE-2019-13711/
CVE SUSE CVE CVE-2019-13713 page https://www.suse.com/security/cve/CVE-2019-13713/
CVE SUSE CVE CVE-2019-13714 page https://www.suse.com/security/cve/CVE-2019-13714/
CVE SUSE CVE CVE-2019-13715 page https://www.suse.com/security/cve/CVE-2019-13715/
CVE SUSE CVE CVE-2019-13716 page https://www.suse.com/security/cve/CVE-2019-13716/
CVE SUSE CVE CVE-2019-13717 page https://www.suse.com/security/cve/CVE-2019-13717/
CVE SUSE CVE CVE-2019-13718 page https://www.suse.com/security/cve/CVE-2019-13718/
CVE SUSE CVE CVE-2019-13719 page https://www.suse.com/security/cve/CVE-2019-13719/
CVE SUSE CVE CVE-2019-13720 page https://www.suse.com/security/cve/CVE-2019-13720/
CVE SUSE CVE CVE-2019-13721 page https://www.suse.com/security/cve/CVE-2019-13721/
CVE SUSE CVE CVE-2019-15903 page https://www.suse.com/security/cve/CVE-2019-15903/
CVE SUSE CVE CVE-2019-5850 page https://www.suse.com/security/cve/CVE-2019-5850/
CVE SUSE CVE CVE-2019-5851 page https://www.suse.com/security/cve/CVE-2019-5851/
CVE SUSE CVE CVE-2019-5852 page https://www.suse.com/security/cve/CVE-2019-5852/
CVE SUSE CVE CVE-2019-5853 page https://www.suse.com/security/cve/CVE-2019-5853/
CVE SUSE CVE CVE-2019-5854 page https://www.suse.com/security/cve/CVE-2019-5854/
CVE SUSE CVE CVE-2019-5855 page https://www.suse.com/security/cve/CVE-2019-5855/
CVE SUSE CVE CVE-2019-5856 page https://www.suse.com/security/cve/CVE-2019-5856/
CVE SUSE CVE CVE-2019-5857 page https://www.suse.com/security/cve/CVE-2019-5857/
CVE SUSE CVE CVE-2019-5858 page https://www.suse.com/security/cve/CVE-2019-5858/
CVE SUSE CVE CVE-2019-5859 page https://www.suse.com/security/cve/CVE-2019-5859/
CVE SUSE CVE CVE-2019-5860 page https://www.suse.com/security/cve/CVE-2019-5860/
CVE SUSE CVE CVE-2019-5861 page https://www.suse.com/security/cve/CVE-2019-5861/
CVE SUSE CVE CVE-2019-5862 page https://www.suse.com/security/cve/CVE-2019-5862/
CVE SUSE CVE CVE-2019-5863 page https://www.suse.com/security/cve/CVE-2019-5863/
CVE SUSE CVE CVE-2019-5864 page https://www.suse.com/security/cve/CVE-2019-5864/
CVE SUSE CVE CVE-2019-5865 page https://www.suse.com/security/cve/CVE-2019-5865/
CVE SUSE CVE CVE-2019-5867 page https://www.suse.com/security/cve/CVE-2019-5867/
CVE SUSE CVE CVE-2019-5868 page https://www.suse.com/security/cve/CVE-2019-5868/
CVE SUSE CVE CVE-2019-5869 page https://www.suse.com/security/cve/CVE-2019-5869/
CVE SUSE CVE CVE-2019-5870 page https://www.suse.com/security/cve/CVE-2019-5870/
CVE SUSE CVE CVE-2019-5871 page https://www.suse.com/security/cve/CVE-2019-5871/
CVE SUSE CVE CVE-2019-5872 page https://www.suse.com/security/cve/CVE-2019-5872/
CVE SUSE CVE CVE-2019-5874 page https://www.suse.com/security/cve/CVE-2019-5874/
CVE SUSE CVE CVE-2019-5875 page https://www.suse.com/security/cve/CVE-2019-5875/
CVE SUSE CVE CVE-2019-5876 page https://www.suse.com/security/cve/CVE-2019-5876/
CVE SUSE CVE CVE-2019-5877 page https://www.suse.com/security/cve/CVE-2019-5877/
CVE SUSE CVE CVE-2019-5878 page https://www.suse.com/security/cve/CVE-2019-5878/
CVE SUSE CVE CVE-2019-5879 page https://www.suse.com/security/cve/CVE-2019-5879/
CVE SUSE CVE CVE-2019-5880 page https://www.suse.com/security/cve/CVE-2019-5880/
CVE SUSE CVE CVE-2019-5881 page https://www.suse.com/security/cve/CVE-2019-5881/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/opensuse/chromium?arch=x86_64&distro=opensuse-12&repo=suse-package-hub opensuse chromium < 78.0.3904.87-10.1 opensuse-12 x86_64
Affected pkg:rpm/opensuse/chromium?arch=aarch64&distro=opensuse-12&repo=suse-package-hub opensuse chromium < 78.0.3904.87-10.1 opensuse-12 aarch64
Affected pkg:rpm/opensuse/chromedriver?arch=x86_64&distro=opensuse-12&repo=suse-package-hub opensuse chromedriver < 78.0.3904.87-10.1 opensuse-12 x86_64
Affected pkg:rpm/opensuse/chromedriver?arch=aarch64&distro=opensuse-12&repo=suse-package-hub opensuse chromedriver < 78.0.3904.87-10.1 opensuse-12 aarch64