opensuse-su-2018:3835-1
Vulnerability from csaf_opensuse
Published
2018-11-20 18:13
Modified
2018-11-20 18:13
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update contains Chromium 70.0.3538.102 and fixes security issues and bugs.
Vulnerabilities fixed in 70.0.3538.102:
- CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537)
Vulnerabilities fixed in 70.0.3538.67 (bsc#1112111):
- CVE-2018-17462: Sandbox escape in AppCache
- CVE-2018-17463: Remote code execution in V8
- Heap buffer overflow in Little CMS in PDFium
- CVE-2018-17464: URL spoof in Omnibox
- CVE-2018-17465: Use after free in V8
- CVE-2018-17466: Memory corruption in Angle
- CVE-2018-17467: URL spoof in Omnibox
- CVE-2018-17468: Cross-origin URL disclosure in Blink
- CVE-2018-17469: Heap buffer overflow in PDFium
- CVE-2018-17470: Memory corruption in GPU Internals
- CVE-2018-17471: Security UI occlusion in full screen mode
- CVE-2018-17473: URL spoof in Omnibox
- CVE-2018-17474: Use after free in Blink
- CVE-2018-17475: URL spoof in Omnibox
- CVE-2018-17476: Security UI occlusion in full screen mode
- CVE-2018-5179: Lack of limits on update() in ServiceWorker
- CVE-2018-17477: UI spoof in Extensions
This update contains the following packaging changes:
- VAAPI hardware accelerated rendering is now enabled by default.
- Use the system libusb-1.0 library
- Use bundled harfbuzz library
- Disable gnome-keyring to avoid crashes
- noto-emoji-fonts is no longer a recommended dependency
Patchnames
openSUSE-2018-1436
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update contains Chromium 70.0.3538.102 and fixes security issues and bugs.\n\nVulnerabilities fixed in 70.0.3538.102:\n\n- CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537)\n \nVulnerabilities fixed in 70.0.3538.67 (bsc#1112111):\n \n- CVE-2018-17462: Sandbox escape in AppCache\n- CVE-2018-17463: Remote code execution in V8\n- Heap buffer overflow in Little CMS in PDFium\n- CVE-2018-17464: URL spoof in Omnibox\n- CVE-2018-17465: Use after free in V8\n- CVE-2018-17466: Memory corruption in Angle\n- CVE-2018-17467: URL spoof in Omnibox\n- CVE-2018-17468: Cross-origin URL disclosure in Blink\n- CVE-2018-17469: Heap buffer overflow in PDFium\n- CVE-2018-17470: Memory corruption in GPU Internals\n- CVE-2018-17471: Security UI occlusion in full screen mode\n- CVE-2018-17473: URL spoof in Omnibox\n- CVE-2018-17474: Use after free in Blink\n- CVE-2018-17475: URL spoof in Omnibox\n- CVE-2018-17476: Security UI occlusion in full screen mode\n- CVE-2018-5179: Lack of limits on update() in ServiceWorker\n- CVE-2018-17477: UI spoof in Extensions\n\nThis update contains the following packaging changes:\n\n- VAAPI hardware accelerated rendering is now enabled by default.\n- Use the system libusb-1.0 library\n- Use bundled harfbuzz library\n- Disable gnome-keyring to avoid crashes\n- noto-emoji-fonts is no longer a recommended dependency\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2018-1436",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2018_3835-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2018:3835-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2018:3835-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I"
},
{
"category": "self",
"summary": "SUSE Bug 1112111",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "self",
"summary": "SUSE Bug 1115537",
"url": "https://bugzilla.suse.com/1115537"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17462 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17463 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17464 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17465 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17466 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17467 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17468 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17469 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17469/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17470 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17471 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17472 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17473 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17474 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17475 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17475/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17476 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17477 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-17478 page",
"url": "https://www.suse.com/security/cve/CVE-2018-17478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5179 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5179/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2018-11-20T18:13:21Z",
"generator": {
"date": "2018-11-20T18:13:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2018:3835-1",
"initial_release_date": "2018-11-20T18:13:21Z",
"revision_history": [
{
"date": "2018-11-20T18:13:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-70.0.3538.102-74.1.x86_64",
"product": {
"name": "chromedriver-70.0.3538.102-74.1.x86_64",
"product_id": "chromedriver-70.0.3538.102-74.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-70.0.3538.102-74.1.x86_64",
"product": {
"name": "chromium-70.0.3538.102-74.1.x86_64",
"product_id": "chromium-70.0.3538.102-74.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP2",
"product": {
"name": "SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-70.0.3538.102-74.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64"
},
"product_reference": "chromedriver-70.0.3538.102-74.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-70.0.3538.102-74.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
},
"product_reference": "chromium-70.0.3538.102-74.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-17462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17462"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17462",
"url": "https://www.suse.com/security/cve/CVE-2018-17462"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17462",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17462",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17462"
},
{
"cve": "CVE-2018-17463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17463"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17463",
"url": "https://www.suse.com/security/cve/CVE-2018-17463"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17463",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17463",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17463"
},
{
"cve": "CVE-2018-17464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17464"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17464",
"url": "https://www.suse.com/security/cve/CVE-2018-17464"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17464",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17464",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17464"
},
{
"cve": "CVE-2018-17465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17465"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17465",
"url": "https://www.suse.com/security/cve/CVE-2018-17465"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17465",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17465",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17465"
},
{
"cve": "CVE-2018-17466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17466"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17466",
"url": "https://www.suse.com/security/cve/CVE-2018-17466"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1119105"
},
{
"category": "external",
"summary": "SUSE Bug 1121207 for CVE-2018-17466",
"url": "https://bugzilla.suse.com/1121207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17466"
},
{
"cve": "CVE-2018-17467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17467"
}
],
"notes": [
{
"category": "general",
"text": "Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17467",
"url": "https://www.suse.com/security/cve/CVE-2018-17467"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17467",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17467",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17467"
},
{
"cve": "CVE-2018-17468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17468"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17468",
"url": "https://www.suse.com/security/cve/CVE-2018-17468"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17468",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17468",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17468"
},
{
"cve": "CVE-2018-17469",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17469"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17469",
"url": "https://www.suse.com/security/cve/CVE-2018-17469"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17469",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17469",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17469"
},
{
"cve": "CVE-2018-17470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17470"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17470",
"url": "https://www.suse.com/security/cve/CVE-2018-17470"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17470",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17470",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17470"
},
{
"cve": "CVE-2018-17471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17471"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17471",
"url": "https://www.suse.com/security/cve/CVE-2018-17471"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17471",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17471",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17471"
},
{
"cve": "CVE-2018-17472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17472"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the \u003ciframe\u003e sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17472",
"url": "https://www.suse.com/security/cve/CVE-2018-17472"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17472",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17472",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17472"
},
{
"cve": "CVE-2018-17473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17473"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17473",
"url": "https://www.suse.com/security/cve/CVE-2018-17473"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17473",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17473",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17473"
},
{
"cve": "CVE-2018-17474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17474"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17474",
"url": "https://www.suse.com/security/cve/CVE-2018-17474"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17474",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17474",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17474"
},
{
"cve": "CVE-2018-17475",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17475"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17475",
"url": "https://www.suse.com/security/cve/CVE-2018-17475"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17475",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17475",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17475"
},
{
"cve": "CVE-2018-17476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17476"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17476",
"url": "https://www.suse.com/security/cve/CVE-2018-17476"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17476",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17476",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17476"
},
{
"cve": "CVE-2018-17477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17477"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17477",
"url": "https://www.suse.com/security/cve/CVE-2018-17477"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-17477",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-17477",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-17477"
},
{
"cve": "CVE-2018-17478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-17478"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-17478",
"url": "https://www.suse.com/security/cve/CVE-2018-17478"
},
{
"category": "external",
"summary": "SUSE Bug 1115537 for CVE-2018-17478",
"url": "https://bugzilla.suse.com/1115537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "moderate"
}
],
"title": "CVE-2018-17478"
},
{
"cve": "CVE-2018-5179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5179"
}
],
"notes": [
{
"category": "general",
"text": "A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5179",
"url": "https://www.suse.com/security/cve/CVE-2018-5179"
},
{
"category": "external",
"summary": "SUSE Bug 1112111 for CVE-2018-5179",
"url": "https://bugzilla.suse.com/1112111"
},
{
"category": "external",
"summary": "SUSE Bug 1119105 for CVE-2018-5179",
"url": "https://bugzilla.suse.com/1119105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-70.0.3538.102-74.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-70.0.3538.102-74.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-20T18:13:21Z",
"details": "low"
}
],
"title": "CVE-2018-5179"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…