openSUSE Security Update : Chromium (openSUSE-2016-109)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Chromium was updated to 48.0.2564.82 to fix security issues and bugs.

The following vulnerabilities were fixed :

- CVE-2016-1612: Bad cast in V8 (boo#963184)

- CVE-2016-1613: Use-after-free in PDFium (boo#963185)

- CVE-2016-1614: Information leak in Blink (boo#963186)

- CVE-2016-1615: Origin confusion in Omnibox (boo#963187)

- CVE-2016-1616: URL Spoofing (boo#963188)

- CVE-2016-1617: History sniffing with HSTS and CSP
(boo#963189)

- CVE-2016-1618: Weak random number generator in Blink
(boo#963190)

- CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)

- CVE-2016-1620 chromium-browser: various fixes
(boo#963192)

This update also enables SSE2 support on x86_64, VA-API hardware
acceleration and fixes a crash when trying to enable the Chromecast
extension.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=963184
https://bugzilla.opensuse.org/show_bug.cgi?id=963185
https://bugzilla.opensuse.org/show_bug.cgi?id=963186
https://bugzilla.opensuse.org/show_bug.cgi?id=963187
https://bugzilla.opensuse.org/show_bug.cgi?id=963188
https://bugzilla.opensuse.org/show_bug.cgi?id=963189
https://bugzilla.opensuse.org/show_bug.cgi?id=963190
https://bugzilla.opensuse.org/show_bug.cgi?id=963191
https://bugzilla.opensuse.org/show_bug.cgi?id=963192

Solution :

Update the affected Chromium packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 88539 ()

Bugtraq ID:

CVE ID: CVE-2016-1612
CVE-2016-1613
CVE-2016-1614
CVE-2016-1615
CVE-2016-1616
CVE-2016-1617
CVE-2016-1618
CVE-2016-1619
CVE-2016-1620

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now