opensuse-su-2017:1994-1
Vulnerability from csaf_opensuse
Published
2017-07-28 12:59
Modified
2017-07-28 12:59
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update Chromium to version 60.0.3112.78 fixes security issue and bugs.
The following security issues were fixed:
* CVE-2017-5091: Use after free in IndexedDB
* CVE-2017-5092: Use after free in PPAPI
* CVE-2017-5093: UI spoofing in Blink
* CVE-2017-5094: Type confusion in extensions
* CVE-2017-5095: Out-of-bounds write in PDFium
* CVE-2017-5096: User information leak via Android intents
* CVE-2017-5097: Out-of-bounds read in Skia
* CVE-2017-5098: Use after free in V8
* CVE-2017-5099: Out-of-bounds write in PPAPI
* CVE-2017-5100: Use after free in Chrome Apps
* CVE-2017-5101: URL spoofing in OmniBox
* CVE-2017-5102: Uninitialized use in Skia
* CVE-2017-5103: Uninitialized use in Skia
* CVE-2017-5104: UI spoofing in browser
* CVE-2017-7000: Pointer disclosure in SQLite
* CVE-2017-5105: URL spoofing in OmniBox
* CVE-2017-5106: URL spoofing in OmniBox
* CVE-2017-5107: User information leak via SVG
* CVE-2017-5108: Type confusion in PDFium
* CVE-2017-5109: UI spoofing in browser
* CVE-2017-5110: UI spoofing in payments dialog
* Various fixes from internal audits, fuzzing and other initiatives
A number of upstream bugfixes are also included in this release.
Patchnames
openSUSE-2017-854
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update Chromium to version 60.0.3112.78 fixes security issue and bugs.\n\nThe following security issues were fixed:\n\n * CVE-2017-5091: Use after free in IndexedDB\n * CVE-2017-5092: Use after free in PPAPI\n * CVE-2017-5093: UI spoofing in Blink\n * CVE-2017-5094: Type confusion in extensions\n * CVE-2017-5095: Out-of-bounds write in PDFium\n * CVE-2017-5096: User information leak via Android intents\n * CVE-2017-5097: Out-of-bounds read in Skia\n * CVE-2017-5098: Use after free in V8\n * CVE-2017-5099: Out-of-bounds write in PPAPI\n * CVE-2017-5100: Use after free in Chrome Apps\n * CVE-2017-5101: URL spoofing in OmniBox\n * CVE-2017-5102: Uninitialized use in Skia\n * CVE-2017-5103: Uninitialized use in Skia\n * CVE-2017-5104: UI spoofing in browser\n * CVE-2017-7000: Pointer disclosure in SQLite\n * CVE-2017-5105: URL spoofing in OmniBox\n * CVE-2017-5106: URL spoofing in OmniBox\n * CVE-2017-5107: User information leak via SVG\n * CVE-2017-5108: Type confusion in PDFium\n * CVE-2017-5109: UI spoofing in browser\n * CVE-2017-5110: UI spoofing in payments dialog\n * Various fixes from internal audits, fuzzing and other initiatives\n\nA number of upstream bugfixes are also included in this release.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2017-854",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_1994-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2017:1994-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4N4RWNYPKTOSSMOAKEGDGB37CK652UQF/#4N4RWNYPKTOSSMOAKEGDGB37CK652UQF"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2017:1994-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4N4RWNYPKTOSSMOAKEGDGB37CK652UQF/#4N4RWNYPKTOSSMOAKEGDGB37CK652UQF"
},
{
"category": "self",
"summary": "SUSE Bug 1050537",
"url": "https://bugzilla.suse.com/1050537"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5091 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5092 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5093 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5094 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5095 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5096 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5097 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5098 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5099 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5100 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5101 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5102 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5103 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5104 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5105 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5106 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5107 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5108 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5109 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5110 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7000 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7000/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2017-07-28T12:59:09Z",
"generator": {
"date": "2017-07-28T12:59:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2017:1994-1",
"initial_release_date": "2017-07-28T12:59:09Z",
"revision_history": [
{
"date": "2017-07-28T12:59:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-60.0.3112.78-26.1.x86_64",
"product": {
"name": "chromedriver-60.0.3112.78-26.1.x86_64",
"product_id": "chromedriver-60.0.3112.78-26.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-60.0.3112.78-26.1.x86_64",
"product": {
"name": "chromium-60.0.3112.78-26.1.x86_64",
"product_id": "chromium-60.0.3112.78-26.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP2",
"product": {
"name": "SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-60.0.3112.78-26.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64"
},
"product_reference": "chromedriver-60.0.3112.78-26.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-60.0.3112.78-26.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
},
"product_reference": "chromium-60.0.3112.78-26.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5091"
}
],
"notes": [
{
"category": "general",
"text": "A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5091",
"url": "https://www.suse.com/security/cve/CVE-2017-5091"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5091",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5091"
},
{
"cve": "CVE-2017-5092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5092"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5092",
"url": "https://www.suse.com/security/cve/CVE-2017-5092"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5092",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5092"
},
{
"cve": "CVE-2017-5093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5093"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5093",
"url": "https://www.suse.com/security/cve/CVE-2017-5093"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5093",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5093"
},
{
"cve": "CVE-2017-5094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5094"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5094",
"url": "https://www.suse.com/security/cve/CVE-2017-5094"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5094",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5094"
},
{
"cve": "CVE-2017-5095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5095"
}
],
"notes": [
{
"category": "general",
"text": "Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5095",
"url": "https://www.suse.com/security/cve/CVE-2017-5095"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5095",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5095"
},
{
"cve": "CVE-2017-5096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5096"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5096",
"url": "https://www.suse.com/security/cve/CVE-2017-5096"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5096",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5096"
},
{
"cve": "CVE-2017-5097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5097"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5097",
"url": "https://www.suse.com/security/cve/CVE-2017-5097"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5097",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5097"
},
{
"cve": "CVE-2017-5098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5098"
}
],
"notes": [
{
"category": "general",
"text": "A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5098",
"url": "https://www.suse.com/security/cve/CVE-2017-5098"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5098",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5098"
},
{
"cve": "CVE-2017-5099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5099"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5099",
"url": "https://www.suse.com/security/cve/CVE-2017-5099"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5099",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5099"
},
{
"cve": "CVE-2017-5100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5100"
}
],
"notes": [
{
"category": "general",
"text": "A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5100",
"url": "https://www.suse.com/security/cve/CVE-2017-5100"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5100",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5100"
},
{
"cve": "CVE-2017-5101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5101"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5101",
"url": "https://www.suse.com/security/cve/CVE-2017-5101"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5101",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5101"
},
{
"cve": "CVE-2017-5102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5102"
}
],
"notes": [
{
"category": "general",
"text": "Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5102",
"url": "https://www.suse.com/security/cve/CVE-2017-5102"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5102",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5102"
},
{
"cve": "CVE-2017-5103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5103"
}
],
"notes": [
{
"category": "general",
"text": "Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5103",
"url": "https://www.suse.com/security/cve/CVE-2017-5103"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5103",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5103"
},
{
"cve": "CVE-2017-5104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5104"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5104",
"url": "https://www.suse.com/security/cve/CVE-2017-5104"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5104",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5104"
},
{
"cve": "CVE-2017-5105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5105"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5105",
"url": "https://www.suse.com/security/cve/CVE-2017-5105"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5105",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5105"
},
{
"cve": "CVE-2017-5106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5106"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5106",
"url": "https://www.suse.com/security/cve/CVE-2017-5106"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5106",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5106"
},
{
"cve": "CVE-2017-5107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5107"
}
],
"notes": [
{
"category": "general",
"text": "A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe\u0027d via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5107",
"url": "https://www.suse.com/security/cve/CVE-2017-5107"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5107",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5107"
},
{
"cve": "CVE-2017-5108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5108"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5108",
"url": "https://www.suse.com/security/cve/CVE-2017-5108"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5108",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5108"
},
{
"cve": "CVE-2017-5109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5109"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5109",
"url": "https://www.suse.com/security/cve/CVE-2017-5109"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5109",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5109"
},
{
"cve": "CVE-2017-5110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5110"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5110",
"url": "https://www.suse.com/security/cve/CVE-2017-5110"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-5110",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-5110"
},
{
"cve": "CVE-2017-7000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7000"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7000",
"url": "https://www.suse.com/security/cve/CVE-2017-7000"
},
{
"category": "external",
"summary": "SUSE Bug 1050537 for CVE-2017-7000",
"url": "https://bugzilla.suse.com/1050537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-60.0.3112.78-26.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-60.0.3112.78-26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-07-28T12:59:09Z",
"details": "important"
}
],
"title": "CVE-2017-7000"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…