openSUSE Security Update : chromium (openSUSE-SU-2013:0236-1)

High Nessus Plugin ID 75155

VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

- Update to 26.0.1383

- Security fixes (bnc#798326)

- CVE-2012-5145: Use-after-free in SVG layout

- CVE-2012-5146: Same origin policy bypass with malformed URL

- CVE-2012-5147: Use-after-free in DOM handling

- CVE-2012-5148: Missing filename sanitization in hyphenation support

- CVE-2012-5149: Integer overflow in audio IPC handling

- CVE-2012-5150: Use-after-free when seeking video

- CVE-2012-5152: Out-of-bounds read when seeking video

- CVE-2012-5153: Out-of-bounds stack access in v8.

- CVE-2012-5154: Integer overflow in shared memory allocation

- CVE-2013-0830: Missing NUL termination in IPC.

- CVE-2013-0831: Possible path traversal from extension process

- CVE-2013-0832: Use-after-free with printing.

- CVE-2013-0833: Out-of-bounds read with printing.

- CVE-2013-0834: Out-of-bounds read with glyph handling

- CVE-2013-0835: Browser crash with geolocation

- CVE-2013-0836: Crash in v8 garbage collection.

- CVE-2013-0837: Crash in extension tab handling.

- CVE-2013-0838: Tighten permissions on shared memory segments

- Set up Google API keys; see http://www.chromium.org/developers/how-tos/api-keys. Note: these are for openSUSE Chromium builds ONLY!! (Setup was done based on indication from Pawel Hajdan)

- Change the default setting for password-store to basic. (bnc#795860)

- Fixes from Update to 25.0.1352

- Fixed garbled header and footer text in print preview.

- Fixed broken profile with system-wide installation and

- Fixed stability crashes like 158747, 159437, 149139, 160914,

- Add a configuration file (/etc/default/chromium) where we can indicate flags for the chromium-browser.

- (gtk) Fixed <input> selection renders white text on white

- Fixed translate infobar button to show selected language.

- Update to 25.0.1329

- No further indications in the ChangeLog

- Update to 25.0.1319

- No further indications in the ChangeLog

- Update to 24.0.1308

- Updated V8 - 3.14.5.0

- Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix.

- Fixed chromium issues 155871, 154173, 155133.

- No further indications in the ChangeLog.

- Update to 24.0.1283

Solution

Update the affected chromium packages.

See Also

http://www.chromium.org/developers/how-tos/api-keys

https://bugzilla.novell.com/show_bug.cgi?id=795860

https://bugzilla.novell.com/show_bug.cgi?id=798326

https://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html

Plugin Details

Severity: High

ID: 75155

File Name: openSUSE-2013-72.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromedriver-debuginfo, p-cpe:/a:novell:opensuse:chromium, p-cpe:/a:novell:opensuse:chromium-debuginfo, p-cpe:/a:novell:opensuse:chromium-debugsource, p-cpe:/a:novell:opensuse:chromium-desktop-gnome, p-cpe:/a:novell:opensuse:chromium-desktop-kde, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo, p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo, p-cpe:/a:novell:opensuse:chromium-suid-helper, p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo, cpe:/o:novell:opensuse:12.1, cpe:/o:novell:opensuse:12.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/01/23

Vulnerability Publication Date: 2013/01/15

Reference Information

CVE: CVE-2012-5145, CVE-2012-5146, CVE-2012-5147, CVE-2012-5148, CVE-2012-5149, CVE-2012-5150, CVE-2012-5152, CVE-2012-5153, CVE-2012-5154, CVE-2013-0830, CVE-2013-0831, CVE-2013-0832, CVE-2013-0833, CVE-2013-0834, CVE-2013-0835, CVE-2013-0836, CVE-2013-0837, CVE-2013-0838

BID: 59413, 59423