openSUSE Security Update : chromium (openSUSE-SU-2014:0982-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

Chromium was updated to version 36.0.1985.125. New Functionality :

- Rich Notifications Improvements

- An Updated Incognito / Guest NTP design

- The addition of a Browser crash recovery bubble

- Chrome App Launcher for Linux

- Lots of under the hood changes for stability and
performance Security Fixes (bnc#887952,bnc#887955) :

- CVE-2014-3160: Same-Origin-Policy bypass in SVG

- CVE-2014-3162: Various fixes from internal audits,
fuzzing and other initiatives and 24 more fixes for
which no description was given. Packaging changes :

- Switch to newer method to retrieve toolchain packages.
Dropping the three naclsdk_*tgz files. Everything is now
included in the toolchain_linux_x86.tar.bz2 tarball

- Add Courgette.tar.xz as that the build process now
requires some files from Courgette in order to build
succesfully. This does not mean that Courgette is

Includes also an update to Chromium 35.0.1916.153 Security fixes
(bnc#882264,bnc#882264,bnc#882265,bnc#882263) :

- CVE-2014-3154: Use-after-free in filesystem api

- CVE-2014-3155: Out-of-bounds read in SPDY

- CVE-2014-3156: Buffer overflow in clipboard

- CVE-2014-3157: Heap overflow in media

See also :

Solution :

Update the affected chromium packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 77127 ()

Bugtraq ID: 67972

CVE ID: CVE-2014-3154

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now