openSUSE Security Update : Chromium (openSUSE-2015-390)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Chromium was updated to 43.0.2357.65 to fix security issues and bugs.

The following vulnerabilities were fixed :

- CVE-2015-1251: Use-after-free in Speech (boo#931659)

- CVE-2015-1252: Sandbox escape in Chrome (boo#931671)

- CVE-2015-1253: Cross-origin bypass in DOM (boo#931670)

- CVE-2015-1254: Cross-origin bypass in Editing
(boo#931669)

- CVE-2015-1255: Use-after-free in WebAudio (boo#931674)

- CVE-2015-1256: Use-after-free in SVG (boo#931664)

- CVE-2015-1257: Container-overflow in SVG (boo#931665)

- CVE-2015-1258: Negative-size parameter in Libvpx
(boo#931666)

- CVE-2015-1259: Uninitialized value in PDFium
(boo#931667)

- CVE-2015-1260: Use-after-free in WebRTC (boo#931668)

- CVE-2015-1261: URL bar spoofing (boo#931673)

- CVE-2015-1262: Uninitialized value in Blink (boo#931672)

- CVE-2015-1263: Insecure download of spellcheck
dictionary (boo#931663)

- CVE-2015-1264: Cross-site scripting in bookmarks
(boo#931661)

- CVE-2015-1265: Various fixes from internal audits,
fuzzing and other initiatives (boo#931660)

- Multiple vulnerabilities in V8 fixed at the tip of the
4.3 branch (currently 4.3.61.21)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=931659
https://bugzilla.opensuse.org/show_bug.cgi?id=931660
https://bugzilla.opensuse.org/show_bug.cgi?id=931661
https://bugzilla.opensuse.org/show_bug.cgi?id=931663
https://bugzilla.opensuse.org/show_bug.cgi?id=931664
https://bugzilla.opensuse.org/show_bug.cgi?id=931665
https://bugzilla.opensuse.org/show_bug.cgi?id=931666
https://bugzilla.opensuse.org/show_bug.cgi?id=931667
https://bugzilla.opensuse.org/show_bug.cgi?id=931668
https://bugzilla.opensuse.org/show_bug.cgi?id=931669
https://bugzilla.opensuse.org/show_bug.cgi?id=931670
https://bugzilla.opensuse.org/show_bug.cgi?id=931671
https://bugzilla.opensuse.org/show_bug.cgi?id=931672
https://bugzilla.opensuse.org/show_bug.cgi?id=931673
https://bugzilla.opensuse.org/show_bug.cgi?id=931674

Solution :

Update the affected Chromium packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now