openSUSE Security Update : Chromium (openSUSE-2016-900)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Chromium was updated to 52.0.2743.82 to fix the following security
issues (boo#989901) :

- CVE-2016-1706: Sandbox escape in PPAPI

- CVE-2016-1707: URL spoofing on iOS

- CVE-2016-1708: Use-after-free in Extensions

- CVE-2016-1709: Heap-buffer-overflow in sfntly

- CVE-2016-1710: Same-origin bypass in Blink

- CVE-2016-1711: Same-origin bypass in Blink

- CVE-2016-5127: Use-after-free in Blink

- CVE-2016-5128: Same-origin bypass in V8

- CVE-2016-5129: Memory corruption in V8

- CVE-2016-5130: URL spoofing

- CVE-2016-5131: Use-after-free in libxml

- CVE-2016-5132: Limited same-origin bypass in Service
Workers

- CVE-2016-5133: Origin confusion in proxy authentication

- CVE-2016-5134: URL leakage via PAC script

- CVE-2016-5135: Content-Security-Policy bypass

- CVE-2016-5136: Use after free in extensions

- CVE-2016-5137: History sniffing with HSTS and CSP

- CVE-2016-1705: Various fixes from internal audits,
fuzzing and other initiatives

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=989901

Solution :

Update the affected Chromium packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now