openSUSE Security Update : Chromium (openSUSE-2016-238)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to Chromium 48.0.2564.109 fixes the following issues :

Security fixes (boo#965999) :

- CVE-2016-1622: Same-origin bypass in Extensions

- CVE-2016-1623: Same-origin bypass in DOM

- CVE-2016-1624: Buffer overflow in Brotli

- CVE-2016-1625: Navigation bypass in Chrome Instant

- CVE-2016-1626: Out-of-bounds read in PDFium

- CVE-2016-1627: Various fixes from internal audits,
fuzzing and other initiatives

Non-security bug fixes :

- boo#965738: resolve issues with specific banking
websites when built against system libraries

- boo#966082: chromium: sandbox related stacktrace printed

- boo#965566: Drop libva support

- Prevent graphical issues related to libjpeg

- On KDE 5 kwallet5 is the default password store now

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=965566
https://bugzilla.opensuse.org/show_bug.cgi?id=965738
https://bugzilla.opensuse.org/show_bug.cgi?id=965999
https://bugzilla.opensuse.org/show_bug.cgi?id=966082

Solution :

Update the affected Chromium packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 88879 ()

Bugtraq ID:

CVE ID: CVE-2016-1622
CVE-2016-1623
CVE-2016-1624
CVE-2016-1625
CVE-2016-1626
CVE-2016-1627

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now