openSUSE Security Update : chromium (openSUSE-2017-854)
Medium Nessus Plugin ID 102054
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update Chromium to version 60.0.3112.78 fixes security issue and bugs.
The following security issues were fixed :
- CVE-2017-5091: Use after free in IndexedDB
- CVE-2017-5092: Use after free in PPAPI
- CVE-2017-5093: UI spoofing in Blink
- CVE-2017-5094: Type confusion in extensions
- CVE-2017-5095: Out-of-bounds write in PDFium
- CVE-2017-5096: User information leak via Android intents
- CVE-2017-5097: Out-of-bounds read in Skia
- CVE-2017-5098: Use after free in V8
- CVE-2017-5099: Out-of-bounds write in PPAPI
- CVE-2017-5100: Use after free in Chrome Apps
- CVE-2017-5101: URL spoofing in OmniBox
- CVE-2017-5102: Uninitialized use in Skia
- CVE-2017-5103: Uninitialized use in Skia
- CVE-2017-5104: UI spoofing in browser
- CVE-2017-7000: Pointer disclosure in SQLite
- CVE-2017-5105: URL spoofing in OmniBox
- CVE-2017-5106: URL spoofing in OmniBox
- CVE-2017-5107: User information leak via SVG
- CVE-2017-5108: Type confusion in PDFium
- CVE-2017-5109: UI spoofing in browser
- CVE-2017-5110: UI spoofing in payments dialog
- Various fixes from internal audits, fuzzing and other initiatives
A number of upstream bugfixes are also included in this release.
SolutionUpdate the affected chromium packages.