openSUSE Security Update : chromium (openSUSE-2017-854)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update Chromium to version 60.0.3112.78 fixes security issue and
bugs.

The following security issues were fixed :

- CVE-2017-5091: Use after free in IndexedDB

- CVE-2017-5092: Use after free in PPAPI

- CVE-2017-5093: UI spoofing in Blink

- CVE-2017-5094: Type confusion in extensions

- CVE-2017-5095: Out-of-bounds write in PDFium

- CVE-2017-5096: User information leak via Android intents

- CVE-2017-5097: Out-of-bounds read in Skia

- CVE-2017-5098: Use after free in V8

- CVE-2017-5099: Out-of-bounds write in PPAPI

- CVE-2017-5100: Use after free in Chrome Apps

- CVE-2017-5101: URL spoofing in OmniBox

- CVE-2017-5102: Uninitialized use in Skia

- CVE-2017-5103: Uninitialized use in Skia

- CVE-2017-5104: UI spoofing in browser

- CVE-2017-7000: Pointer disclosure in SQLite

- CVE-2017-5105: URL spoofing in OmniBox

- CVE-2017-5106: URL spoofing in OmniBox

- CVE-2017-5107: User information leak via SVG

- CVE-2017-5108: Type confusion in PDFium

- CVE-2017-5109: UI spoofing in browser

- CVE-2017-5110: UI spoofing in payments dialog

- Various fixes from internal audits, fuzzing and other
initiatives

A number of upstream bugfixes are also included in this release.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1050537

Solution :

Update the affected chromium packages.

Risk factor :

High

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now