openSUSE Security Update : Chromium (openSUSE-2015-390)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

Chromium was updated to 43.0.2357.65 to fix security issues and bugs.

The following vulnerabilities were fixed :

- CVE-2015-1251: Use-after-free in Speech (boo#931659)

- CVE-2015-1252: Sandbox escape in Chrome (boo#931671)

- CVE-2015-1253: Cross-origin bypass in DOM (boo#931670)

- CVE-2015-1254: Cross-origin bypass in Editing

- CVE-2015-1255: Use-after-free in WebAudio (boo#931674)

- CVE-2015-1256: Use-after-free in SVG (boo#931664)

- CVE-2015-1257: Container-overflow in SVG (boo#931665)

- CVE-2015-1258: Negative-size parameter in Libvpx

- CVE-2015-1259: Uninitialized value in PDFium

- CVE-2015-1260: Use-after-free in WebRTC (boo#931668)

- CVE-2015-1261: URL bar spoofing (boo#931673)

- CVE-2015-1262: Uninitialized value in Blink (boo#931672)

- CVE-2015-1263: Insecure download of spellcheck
dictionary (boo#931663)

- CVE-2015-1264: Cross-site scripting in bookmarks

- CVE-2015-1265: Various fixes from internal audits,
fuzzing and other initiatives (boo#931660)

- Multiple vulnerabilities in V8 fixed at the tip of the
4.3 branch (currently

See also :

Solution :

Update the affected Chromium packages.

Risk factor :

High / CVSS Base Score : 7.5

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now