openSUSE Security Update : chromium (openSUSE-SU-2012:0492-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

Security update for Chromium and V8 to 18.0.1025.142.

Following bugs are listed in the Chrome changelog :

- [$500] [109574] Medium CVE-2011-3058: Bad interaction
possibly leading to XSS in EUC-JP. Credit to Masato

- [$500] [112317] Medium CVE-2011-3059: Out-of-bounds read in
SVG text handling. Credit to Arthur Gerkis.

- [$500] [114056] Medium CVE-2011-3060: Out-of-bounds read in
text fragment handling. Credit to miaubiz.

- [116398] Medium CVE-2011-3061: SPDY proxy certificate
checking error. Credit to Leonidas Kontothanassis of

- [116524] High CVE-2011-3062: Off-by-one in OpenType
Sanitizer. Credit to Mateusz Jurczyk of the Google
Security Team.

- [117417] Low CVE-2011-3063: Validate navigation requests
from the renderer more carefully. Credit to kuzzcc,
Sergey Glazunov, PinkiePie and scarybeasts (Google
Chrome Security Team).

- [$1000] [117471] High CVE-2011-3064: Use-after-free in SVG
clipping. Credit to Atte Kettunen of OUSPG.

- [$1000] [117588] High CVE-2011-3065: Memory corruption in
Skia. Credit to Omair.

- [$500] [117794] Medium CVE-2011-3057: Invalid read in v8.
Credit to Christian Holler.

The bugs [114056] and [117471] were detected using AddressSanitizer.

We'd also like to thank miaubiz, Chamal de Silva, Atte Kettunen of
OUSPG, Aki Helin of OUSPG and Arthur Gerkis for working with us during
the development cycle and preventing security regressions from ever
reaching the stable channel. $8000 of additional rewards were issued
for this awesomeness.

See also :

Solution :

Update the affected chromium packages.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 74592

Bugtraq ID:

CVE ID: CVE-2011-3057
