opensuse-su-2017:0565-1
Vulnerability from csaf_opensuse
Published
2017-02-18 10:40
Modified
2017-02-18 10:40
Summary
Security update of chromium
Notes
Title of the patch
Security update of chromium
Description of the patch
Google chromium was updated to 56.0.2924.87:
* Various small fixes
* Disabled option to enable/disable plugins in the chrome://plugins
- Changed the build requirement of libavformat to library version
57.41.100, as included in ffmpeg 3.1.1, as only this version
properly supports the public AVStream API 'codecpar'.
It also contains the version update to 56.0.2924.76 (bsc#1022049):
- CVE-2017-5007: Universal XSS in Blink
- CVE-2017-5006: Universal XSS in Blink
- CVE-2017-5008: Universal XSS in Blink
- CVE-2017-5010: Universal XSS in Blink
- CVE-2017-5011: Unauthorised file access in Devtools
- CVE-2017-5009: Out of bounds memory access in WebRTC
- CVE-2017-5012: Heap overflow in V8
- CVE-2017-5013: Address spoofing in Omnibox
- CVE-2017-5014: Heap overflow in Skia
- CVE-2017-5015: Address spoofing in Omnibox
- CVE-2017-5019: Use after free in Renderer
- CVE-2017-5016: UI spoofing in Blink
- CVE-2017-5017: Uninitialised memory access in webm video
- CVE-2017-5018: Universal XSS in chrome://apps
- CVE-2017-5020: Universal XSS in chrome://downloads
- CVE-2017-5021: Use after free in Extensions
- CVE-2017-5022: Bypass of Content Security Policy in Blink
- CVE-2017-5023: Type confusion in metrics
- CVE-2017-5024: Heap overflow in FFmpeg
- CVE-2017-5025: Heap overflow in FFmpeg
- CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
- Enable VAAPI hardware accelerated video decoding.
- Chromium 55.0.2883.87:
* various fixes for crashes and specific wesites
* update Google pinned certificates
Patchnames
openSUSE-2017-272
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update of chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nGoogle chromium was updated to 56.0.2924.87:\n\n* Various small fixes\n* Disabled option to enable/disable plugins in the chrome://plugins\n\n- Changed the build requirement of libavformat to library version\n 57.41.100, as included in ffmpeg 3.1.1, as only this version\n properly supports the public AVStream API \u0027codecpar\u0027. \n\nIt also contains the version update to 56.0.2924.76 (bsc#1022049):\n - CVE-2017-5007: Universal XSS in Blink\n - CVE-2017-5006: Universal XSS in Blink\n - CVE-2017-5008: Universal XSS in Blink\n - CVE-2017-5010: Universal XSS in Blink\n - CVE-2017-5011: Unauthorised file access in Devtools\n - CVE-2017-5009: Out of bounds memory access in WebRTC\n - CVE-2017-5012: Heap overflow in V8\n - CVE-2017-5013: Address spoofing in Omnibox\n - CVE-2017-5014: Heap overflow in Skia\n - CVE-2017-5015: Address spoofing in Omnibox\n - CVE-2017-5019: Use after free in Renderer\n - CVE-2017-5016: UI spoofing in Blink\n - CVE-2017-5017: Uninitialised memory access in webm video\n - CVE-2017-5018: Universal XSS in chrome://apps\n - CVE-2017-5020: Universal XSS in chrome://downloads\n - CVE-2017-5021: Use after free in Extensions\n - CVE-2017-5022: Bypass of Content Security Policy in Blink\n - CVE-2017-5023: Type confusion in metrics\n - CVE-2017-5024: Heap overflow in FFmpeg\n - CVE-2017-5025: Heap overflow in FFmpeg\n - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing\n\n- Enable VAAPI hardware accelerated video decoding.\n\n- Chromium 55.0.2883.87:\n * various fixes for crashes and specific wesites\n * update Google pinned certificates\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2017-272",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_0565-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2017:0565-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2017:0565-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z/#4T3XDIC3O56Y5NQARI5QVMHXYJBSU75Z"
},
{
"category": "self",
"summary": "SUSE Bug 1022049",
"url": "https://bugzilla.suse.com/1022049"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5006 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5007 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5008 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5009 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5010 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5011 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5012 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5013 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5014 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5015 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5016 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5017 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5018 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5019 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5020 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5021 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5022 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5023 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5024 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5025 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5025/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5026 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5026/"
}
],
"title": "Security update of chromium",
"tracking": {
"current_release_date": "2017-02-18T10:40:17Z",
"generator": {
"date": "2017-02-18T10:40:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2017:0565-1",
"initial_release_date": "2017-02-18T10:40:17Z",
"revision_history": [
{
"date": "2017-02-18T10:40:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-56.0.2924.87-5.1.x86_64",
"product": {
"name": "chromedriver-56.0.2924.87-5.1.x86_64",
"product_id": "chromedriver-56.0.2924.87-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-56.0.2924.87-5.1.x86_64",
"product": {
"name": "chromium-56.0.2924.87-5.1.x86_64",
"product_id": "chromium-56.0.2924.87-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP2",
"product": {
"name": "SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-56.0.2924.87-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64"
},
"product_reference": "chromedriver-56.0.2924.87-5.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-56.0.2924.87-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
},
"product_reference": "chromium-56.0.2924.87-5.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5006"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5006",
"url": "https://www.suse.com/security/cve/CVE-2017-5006"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5006",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5006"
},
{
"cve": "CVE-2017-5007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5007"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5007",
"url": "https://www.suse.com/security/cve/CVE-2017-5007"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5007",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5007"
},
{
"cve": "CVE-2017-5008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5008"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5008",
"url": "https://www.suse.com/security/cve/CVE-2017-5008"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5008",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5008"
},
{
"cve": "CVE-2017-5009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5009"
}
],
"notes": [
{
"category": "general",
"text": "WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5009",
"url": "https://www.suse.com/security/cve/CVE-2017-5009"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5009",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5009"
},
{
"cve": "CVE-2017-5010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5010"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5010",
"url": "https://www.suse.com/security/cve/CVE-2017-5010"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5010",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5010"
},
{
"cve": "CVE-2017-5011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5011"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5011",
"url": "https://www.suse.com/security/cve/CVE-2017-5011"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5011",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5011"
},
{
"cve": "CVE-2017-5012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5012"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5012",
"url": "https://www.suse.com/security/cve/CVE-2017-5012"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5012",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5012"
},
{
"cve": "CVE-2017-5013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5013"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5013",
"url": "https://www.suse.com/security/cve/CVE-2017-5013"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5013",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5013"
},
{
"cve": "CVE-2017-5014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5014"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5014",
"url": "https://www.suse.com/security/cve/CVE-2017-5014"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5014",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5014"
},
{
"cve": "CVE-2017-5015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5015"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5015",
"url": "https://www.suse.com/security/cve/CVE-2017-5015"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5015",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5015"
},
{
"cve": "CVE-2017-5016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5016"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don\u0027t control via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5016",
"url": "https://www.suse.com/security/cve/CVE-2017-5016"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5016",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5016"
},
{
"cve": "CVE-2017-5017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5017"
}
],
"notes": [
{
"category": "general",
"text": "Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5017",
"url": "https://www.suse.com/security/cve/CVE-2017-5017"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5017",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5017"
},
{
"cve": "CVE-2017-5018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5018"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5018",
"url": "https://www.suse.com/security/cve/CVE-2017-5018"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5018",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5018"
},
{
"cve": "CVE-2017-5019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5019"
}
],
"notes": [
{
"category": "general",
"text": "A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5019",
"url": "https://www.suse.com/security/cve/CVE-2017-5019"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5019",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5019"
},
{
"cve": "CVE-2017-5020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5020"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5020",
"url": "https://www.suse.com/security/cve/CVE-2017-5020"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5020",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5020"
},
{
"cve": "CVE-2017-5021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5021"
}
],
"notes": [
{
"category": "general",
"text": "A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5021",
"url": "https://www.suse.com/security/cve/CVE-2017-5021"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5021",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5021"
},
{
"cve": "CVE-2017-5022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5022"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5022",
"url": "https://www.suse.com/security/cve/CVE-2017-5022"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5022",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5022"
},
{
"cve": "CVE-2017-5023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5023"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5023",
"url": "https://www.suse.com/security/cve/CVE-2017-5023"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5023",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5023"
},
{
"cve": "CVE-2017-5024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5024"
}
],
"notes": [
{
"category": "general",
"text": "FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5024",
"url": "https://www.suse.com/security/cve/CVE-2017-5024"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5024",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5024"
},
{
"cve": "CVE-2017-5025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5025"
}
],
"notes": [
{
"category": "general",
"text": "FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5025",
"url": "https://www.suse.com/security/cve/CVE-2017-5025"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5025",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5025"
},
{
"cve": "CVE-2017-5026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5026"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don\u0027t control via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5026",
"url": "https://www.suse.com/security/cve/CVE-2017-5026"
},
{
"category": "external",
"summary": "SUSE Bug 1022049 for CVE-2017-5026",
"url": "https://bugzilla.suse.com/1022049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-56.0.2924.87-5.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-56.0.2924.87-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-02-18T10:40:17Z",
"details": "important"
}
],
"title": "CVE-2017-5026"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…