suse-su-2016:2597-1
Vulnerability from csaf_suse
Published
2016-10-19 15:50
Modified
2016-10-19 15:50
Summary
Security update for Chromium
Notes
Title of the patch
Security update for Chromium
Description of the patch
Chromium was updated to 54.0.2840.59 to fix security issues and bugs.
The following security issues are fixed (bnc#1004465):
- CVE-2016-5181: Universal XSS in Blink
- CVE-2016-5182: Heap overflow in Blink
- CVE-2016-5183: Use after free in PDFium
- CVE-2016-5184: Use after free in PDFium
- CVE-2016-5185: Use after free in Blink
- CVE-2016-5187: URL spoofing
- CVE-2016-5188: UI spoofing
- CVE-2016-5192: Cross-origin bypass in Blink
- CVE-2016-5189: URL spoofing
- CVE-2016-5186: Out of bounds read in DevTools
- CVE-2016-5191: Universal XSS in Bookmarks
- CVE-2016-5190: Use after free in Internals
- CVE-2016-5193: Scheme bypass
The following bugs were fixed:
- bnc#1000019: display issues in full screen mode, add --ui-disable-partial-swap to the launcher
The following packaging changes are included:
- The desktop sub-packages are no obsolete
- The package now uses the system variants of some bundled libraries
- The hangouts extension is now built
Patchnames
5717
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "Chromium was updated to 54.0.2840.59 to fix security issues and bugs.\n\nThe following security issues are fixed (bnc#1004465):\n\n- CVE-2016-5181: Universal XSS in Blink\n- CVE-2016-5182: Heap overflow in Blink\n- CVE-2016-5183: Use after free in PDFium\n- CVE-2016-5184: Use after free in PDFium\n- CVE-2016-5185: Use after free in Blink\n- CVE-2016-5187: URL spoofing\n- CVE-2016-5188: UI spoofing\n- CVE-2016-5192: Cross-origin bypass in Blink\n- CVE-2016-5189: URL spoofing\n- CVE-2016-5186: Out of bounds read in DevTools\n- CVE-2016-5191: Universal XSS in Bookmarks\n- CVE-2016-5190: Use after free in Internals\n- CVE-2016-5193: Scheme bypass\n\nThe following bugs were fixed:\n\n- bnc#1000019: display issues in full screen mode, add --ui-disable-partial-swap to the launcher\n\nThe following packaging changes are included:\n\n- The desktop sub-packages are no obsolete\n- The package now uses the system variants of some bundled libraries\n- The hangouts extension is now built\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "5717",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2597-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2597-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/"
},
{
"category": "self",
"summary": "SUSE Bug 1000019",
"url": "https://bugzilla.suse.com/1000019"
},
{
"category": "self",
"summary": "SUSE Bug 1004465",
"url": "https://bugzilla.suse.com/1004465"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5181 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5182 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5183 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5184 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5185 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5186 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5187 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5188 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5189 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5190 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5191 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5192 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5193 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5193/"
}
],
"title": "Security update for Chromium",
"tracking": {
"current_release_date": "2016-10-19T15:50:17Z",
"generator": {
"date": "2016-10-19T15:50:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2597-1",
"initial_release_date": "2016-10-19T15:50:17Z",
"revision_history": [
{
"date": "2016-10-19T15:50:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-54.0.2840.59-109.1.x86_64",
"product": {
"name": "chromedriver-54.0.2840.59-109.1.x86_64",
"product_id": "chromedriver-54.0.2840.59-109.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-54.0.2840.59-109.1.x86_64",
"product": {
"name": "chromium-54.0.2840.59-109.1.x86_64",
"product_id": "chromium-54.0.2840.59-109.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64",
"product": {
"name": "chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64",
"product_id": "chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-54.0.2840.59-109.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64"
},
"product_reference": "chromedriver-54.0.2840.59-109.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-54.0.2840.59-109.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64"
},
"product_reference": "chromium-54.0.2840.59-109.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
},
"product_reference": "chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5181"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5181",
"url": "https://www.suse.com/security/cve/CVE-2016-5181"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5181",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5181"
},
{
"cve": "CVE-2016-5182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5182"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5182",
"url": "https://www.suse.com/security/cve/CVE-2016-5182"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5182",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5182"
},
{
"cve": "CVE-2016-5183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5183"
}
],
"notes": [
{
"category": "general",
"text": "A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5183",
"url": "https://www.suse.com/security/cve/CVE-2016-5183"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5183",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5183"
},
{
"cve": "CVE-2016-5184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5184"
}
],
"notes": [
{
"category": "general",
"text": "PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5184",
"url": "https://www.suse.com/security/cve/CVE-2016-5184"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5184",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5184"
},
{
"cve": "CVE-2016-5185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5185"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5185",
"url": "https://www.suse.com/security/cve/CVE-2016-5185"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5185",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5185"
},
{
"cve": "CVE-2016-5186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5186"
}
],
"notes": [
{
"category": "general",
"text": "Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5186",
"url": "https://www.suse.com/security/cve/CVE-2016-5186"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5186",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5186"
},
{
"cve": "CVE-2016-5187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5187"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5187",
"url": "https://www.suse.com/security/cve/CVE-2016-5187"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5187",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5187"
},
{
"cve": "CVE-2016-5188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5188"
}
],
"notes": [
{
"category": "general",
"text": "Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5188",
"url": "https://www.suse.com/security/cve/CVE-2016-5188"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5188",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5188"
},
{
"cve": "CVE-2016-5189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5189"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5189",
"url": "https://www.suse.com/security/cve/CVE-2016-5189"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5189",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5189"
},
{
"cve": "CVE-2016-5190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5190"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5190",
"url": "https://www.suse.com/security/cve/CVE-2016-5190"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5190",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5190"
},
{
"cve": "CVE-2016-5191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5191"
}
],
"notes": [
{
"category": "general",
"text": "Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5191",
"url": "https://www.suse.com/security/cve/CVE-2016-5191"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5191",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5191"
},
{
"cve": "CVE-2016-5192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5192"
}
],
"notes": [
{
"category": "general",
"text": "Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5192",
"url": "https://www.suse.com/security/cve/CVE-2016-5192"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5192",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5192"
},
{
"cve": "CVE-2016-5193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5193"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5193",
"url": "https://www.suse.com/security/cve/CVE-2016-5193"
},
{
"category": "external",
"summary": "SUSE Bug 1004465 for CVE-2016-5193",
"url": "https://bugzilla.suse.com/1004465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-54.0.2840.59-109.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-54.0.2840.59-109.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-10-19T15:50:17Z",
"details": "critical"
}
],
"title": "CVE-2016-5193"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…