SUSE-SU-2016:2251-1

Source
https://www.suse.com/support/update/announcement/2016/suse-su-20162251-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:2251-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2016:2251-1
Related
  • CVE-2016-5147
  • CVE-2016-5148
  • CVE-2016-5149
  • CVE-2016-5150
  • CVE-2016-5151
  • CVE-2016-5152
  • CVE-2016-5153
  • CVE-2016-5154
  • CVE-2016-5155
  • CVE-2016-5156
  • CVE-2016-5157
  • CVE-2016-5158
  • CVE-2016-5159
  • CVE-2016-5160
  • CVE-2016-5161
  • CVE-2016-5162
  • CVE-2016-5163
  • CVE-2016-5164
  • CVE-2016-5165
  • CVE-2016-5166
Published
2016-09-01T12:42:13Z
Modified
2016-09-01T12:42:13Z
Summary
Security update for Chromium
Details

Chromium was updated to 53.0.2785.89 to fix a number of security issues.

The following vulnerabilities were fixed: (boo#996648)

  • CVE-2016-5147: Universal XSS in Blink.
  • CVE-2016-5148: Universal XSS in Blink.
  • CVE-2016-5149: Script injection in extensions.
  • CVE-2016-5150: Use after free in Blink.
  • CVE-2016-5151: Use after free in PDFium.
  • CVE-2016-5152: Heap overflow in PDFium.
  • CVE-2016-5153: Use after destruction in Blink.
  • CVE-2016-5154: Heap overflow in PDFium.
  • CVE-2016-5155: Address bar spoofing.
  • CVE-2016-5156: Use after free in event bindings.
  • CVE-2016-5157: Heap overflow in PDFium.
  • CVE-2016-5158: Heap overflow in PDFium.
  • CVE-2016-5159: Heap overflow in PDFium.
  • CVE-2016-5161: Type confusion in Blink.
  • CVE-2016-5162: Extensions web accessible resources bypass.
  • CVE-2016-5163: Address bar spoofing.
  • CVE-2016-5164: Universal XSS using DevTools.
  • CVE-2016-5165: Script injection in DevTools.
  • CVE-2016-5166: SMB Relay Attack via Save Page As.
  • CVE-2016-5160: Extensions web accessible resources bypass.

A number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932)

Affected packages

SUSE:Package Hub 12 / chromium

Package

Name
chromium
Purl
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
53.0.2785.89-96.1

Ecosystem specific

{
    "binaries": [
        {
            "chromium-desktop-gnome": "53.0.2785.89-96.1",
            "chromedriver": "53.0.2785.89-96.1",
            "chromium": "53.0.2785.89-96.1",
            "chromium-desktop-kde": "53.0.2785.89-96.1",
            "chromium-ffmpegsumo": "53.0.2785.89-96.1"
        }
    ]
}