Vulnerability from csaf_opensuse
Published
2016-12-16 22:45
Modified
2016-12-16 22:45
Summary
Security update for Chromium
Notes
Title of the patch
Security update for Chromium
Description of the patch
This update to Chromium 55.0.2883.75 fixes the following vulnerabilities:
- CVE-2016-9651: Private property access in V8
- CVE-2016-5208: Universal XSS in Blink
- CVE-2016-5207: Universal XSS in Blink
- CVE-2016-5206: Same-origin bypass in PDFium
- CVE-2016-5205: Universal XSS in Blink
- CVE-2016-5204: Universal XSS in Blink
- CVE-2016-5209: Out of bounds write in Blink
- CVE-2016-5203: Use after free in PDFium
- CVE-2016-5210: Out of bounds write in PDFium
- CVE-2016-5212: Local file disclosure in DevTools
- CVE-2016-5211: Use after free in PDFium
- CVE-2016-5213: Use after free in V8
- CVE-2016-5214: File download protection bypass
- CVE-2016-5216: Use after free in PDFium
- CVE-2016-5215: Use after free in Webaudio
- CVE-2016-5217: Use of unvalidated data in PDFium
- CVE-2016-5218: Address spoofing in Omnibox
- CVE-2016-5219: Use after free in V8
- CVE-2016-5221: Integer overflow in ANGLE
- CVE-2016-5220: Local file access in PDFium
- CVE-2016-5222: Address spoofing in Omnibox
- CVE-2016-9650: CSP Referrer disclosure
- CVE-2016-5223: Integer overflow in PDFium
- CVE-2016-5226: Limited XSS in Blink
- CVE-2016-5225: CSP bypass in Blink
- CVE-2016-5224: Same-origin bypass in SVG
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives
The default bookmarks override was removed.
The following packaging changes are included:
- Switch to system libraries: harfbuzz, zlib, ffmpeg, where available.
- Chromium now requires harfbuzz >= 1.3.0
Patchnames
openSUSE-2016-1496
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for Chromium", title: "Title of the patch", }, { category: "description", text: "This update to Chromium 55.0.2883.75 fixes the following vulnerabilities:\n\n- CVE-2016-9651: Private property access in V8\n- CVE-2016-5208: Universal XSS in Blink\n- CVE-2016-5207: Universal XSS in Blink\n- CVE-2016-5206: Same-origin bypass in PDFium\n- CVE-2016-5205: Universal XSS in Blink\n- CVE-2016-5204: Universal XSS in Blink\n- CVE-2016-5209: Out of bounds write in Blink\n- CVE-2016-5203: Use after free in PDFium\n- CVE-2016-5210: Out of bounds write in PDFium\n- CVE-2016-5212: Local file disclosure in DevTools\n- CVE-2016-5211: Use after free in PDFium\n- CVE-2016-5213: Use after free in V8\n- CVE-2016-5214: File download protection bypass\n- CVE-2016-5216: Use after free in PDFium\n- CVE-2016-5215: Use after free in Webaudio\n- CVE-2016-5217: Use of unvalidated data in PDFium\n- CVE-2016-5218: Address spoofing in Omnibox\n- CVE-2016-5219: Use after free in V8\n- CVE-2016-5221: Integer overflow in ANGLE\n- CVE-2016-5220: Local file access in PDFium\n- CVE-2016-5222: Address spoofing in Omnibox\n- CVE-2016-9650: CSP Referrer disclosure\n- CVE-2016-5223: Integer overflow in PDFium\n- CVE-2016-5226: Limited XSS in Blink\n- CVE-2016-5225: CSP bypass in Blink\n- CVE-2016-5224: Same-origin bypass in SVG\n- CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives\n\nThe default bookmarks override was removed.\n\nThe following packaging changes are included:\n\n- Switch to system libraries: harfbuzz, zlib, ffmpeg, where available.\n- Chromium now requires harfbuzz >= 1.3.0", title: "Description of the patch", }, { category: "details", text: "openSUSE-2016-1496", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_0563-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2017:0563-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IOM3J2HPT4XSGXITE6DSNQRVKV6CULMT/#IOM3J2HPT4XSGXITE6DSNQRVKV6CULMT", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2017:0563-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IOM3J2HPT4XSGXITE6DSNQRVKV6CULMT/#IOM3J2HPT4XSGXITE6DSNQRVKV6CULMT", }, { category: "self", summary: "SUSE Bug 1013236", url: "https://bugzilla.suse.com/1013236", }, { category: "self", summary: "SUSE CVE CVE-2016-5203 page", url: "https://www.suse.com/security/cve/CVE-2016-5203/", }, { category: "self", summary: "SUSE CVE CVE-2016-5204 page", url: "https://www.suse.com/security/cve/CVE-2016-5204/", }, { category: "self", summary: "SUSE CVE CVE-2016-5205 page", url: "https://www.suse.com/security/cve/CVE-2016-5205/", }, { category: "self", summary: "SUSE CVE CVE-2016-5206 page", url: "https://www.suse.com/security/cve/CVE-2016-5206/", }, { category: "self", summary: "SUSE CVE CVE-2016-5207 page", url: "https://www.suse.com/security/cve/CVE-2016-5207/", }, { category: "self", summary: "SUSE CVE CVE-2016-5208 page", url: "https://www.suse.com/security/cve/CVE-2016-5208/", }, { category: "self", summary: "SUSE CVE CVE-2016-5209 page", url: "https://www.suse.com/security/cve/CVE-2016-5209/", }, { category: "self", summary: "SUSE CVE CVE-2016-5210 page", url: "https://www.suse.com/security/cve/CVE-2016-5210/", }, { category: "self", summary: "SUSE CVE CVE-2016-5211 page", url: "https://www.suse.com/security/cve/CVE-2016-5211/", }, { category: "self", summary: "SUSE CVE CVE-2016-5212 page", url: "https://www.suse.com/security/cve/CVE-2016-5212/", }, { category: "self", summary: "SUSE CVE CVE-2016-5213 page", url: "https://www.suse.com/security/cve/CVE-2016-5213/", }, { category: "self", summary: "SUSE CVE CVE-2016-5214 page", url: "https://www.suse.com/security/cve/CVE-2016-5214/", }, { category: "self", summary: "SUSE CVE CVE-2016-5215 page", url: "https://www.suse.com/security/cve/CVE-2016-5215/", }, { category: "self", summary: "SUSE CVE CVE-2016-5216 page", url: "https://www.suse.com/security/cve/CVE-2016-5216/", }, { category: "self", summary: "SUSE CVE CVE-2016-5217 page", url: "https://www.suse.com/security/cve/CVE-2016-5217/", }, { category: "self", summary: "SUSE CVE CVE-2016-5218 page", url: "https://www.suse.com/security/cve/CVE-2016-5218/", }, { category: "self", summary: "SUSE CVE CVE-2016-5219 page", url: "https://www.suse.com/security/cve/CVE-2016-5219/", }, { category: "self", summary: "SUSE CVE CVE-2016-5220 page", url: "https://www.suse.com/security/cve/CVE-2016-5220/", }, { category: "self", summary: "SUSE CVE CVE-2016-5221 page", url: "https://www.suse.com/security/cve/CVE-2016-5221/", }, { category: "self", summary: "SUSE CVE CVE-2016-5222 page", url: "https://www.suse.com/security/cve/CVE-2016-5222/", }, { category: "self", summary: "SUSE CVE CVE-2016-5223 page", url: "https://www.suse.com/security/cve/CVE-2016-5223/", }, { category: "self", summary: "SUSE CVE CVE-2016-5224 page", url: "https://www.suse.com/security/cve/CVE-2016-5224/", }, { category: "self", summary: "SUSE CVE CVE-2016-5225 page", url: "https://www.suse.com/security/cve/CVE-2016-5225/", }, { category: "self", summary: "SUSE CVE CVE-2016-5226 page", url: "https://www.suse.com/security/cve/CVE-2016-5226/", }, { category: "self", summary: "SUSE CVE CVE-2016-9650 page", url: "https://www.suse.com/security/cve/CVE-2016-9650/", }, { category: "self", summary: "SUSE CVE CVE-2016-9651 page", url: "https://www.suse.com/security/cve/CVE-2016-9651/", }, { category: "self", summary: "SUSE CVE CVE-2016-9652 page", url: "https://www.suse.com/security/cve/CVE-2016-9652/", }, ], title: "Security update for Chromium", tracking: { current_release_date: "2016-12-16T22:45:25Z", generator: { date: "2016-12-16T22:45:25Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2017:0563-1", initial_release_date: "2016-12-16T22:45:25Z", revision_history: [ { date: "2016-12-16T22:45:25Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "chromedriver-55.0.2883.75-2.1.x86_64", product: { name: "chromedriver-55.0.2883.75-2.1.x86_64", product_id: "chromedriver-55.0.2883.75-2.1.x86_64", }, }, { category: "product_version", name: "chromium-55.0.2883.75-2.1.x86_64", product: { name: "chromium-55.0.2883.75-2.1.x86_64", product_id: "chromium-55.0.2883.75-2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 12 SP2", product: { name: "SUSE Package Hub 12 SP2", product_id: "SUSE Package Hub 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:12:sp2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "chromedriver-55.0.2883.75-2.1.x86_64 as component of SUSE Package Hub 12 SP2", product_id: "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", }, product_reference: "chromedriver-55.0.2883.75-2.1.x86_64", relates_to_product_reference: "SUSE Package Hub 12 SP2", }, { category: "default_component_of", full_product_name: { name: "chromium-55.0.2883.75-2.1.x86_64 as component of SUSE Package Hub 12 SP2", product_id: "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", }, product_reference: "chromium-55.0.2883.75-2.1.x86_64", relates_to_product_reference: "SUSE Package Hub 12 SP2", }, ], }, vulnerabilities: [ { cve: "CVE-2016-5203", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5203", }, ], notes: [ { category: "general", text: "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5203", url: "https://www.suse.com/security/cve/CVE-2016-5203", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5203", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "important", }, ], title: "CVE-2016-5203", }, { cve: "CVE-2016-5204", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5204", }, ], notes: [ { category: "general", text: "Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5204", url: "https://www.suse.com/security/cve/CVE-2016-5204", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5204", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5204", }, { cve: "CVE-2016-5205", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5205", }, ], notes: [ { category: "general", text: "Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5205", url: "https://www.suse.com/security/cve/CVE-2016-5205", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5205", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5205", }, { cve: "CVE-2016-5206", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5206", }, ], notes: [ { category: "general", text: "The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5206", url: "https://www.suse.com/security/cve/CVE-2016-5206", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5206", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "important", }, ], title: "CVE-2016-5206", }, { cve: "CVE-2016-5207", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5207", }, ], notes: [ { category: "general", text: "In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5207", url: "https://www.suse.com/security/cve/CVE-2016-5207", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5207", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5207", }, { cve: "CVE-2016-5208", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5208", }, ], notes: [ { category: "general", text: "Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5208", url: "https://www.suse.com/security/cve/CVE-2016-5208", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5208", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5208", }, { cve: "CVE-2016-5209", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5209", }, ], notes: [ { category: "general", text: "Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5209", url: "https://www.suse.com/security/cve/CVE-2016-5209", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5209", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "important", }, ], title: "CVE-2016-5209", }, { cve: "CVE-2016-5210", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5210", }, ], notes: [ { category: "general", text: "Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5210", url: "https://www.suse.com/security/cve/CVE-2016-5210", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5210", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "important", }, ], title: "CVE-2016-5210", }, { cve: "CVE-2016-5211", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5211", }, ], notes: [ { category: "general", text: "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5211", url: "https://www.suse.com/security/cve/CVE-2016-5211", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5211", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "important", }, ], title: "CVE-2016-5211", }, { cve: "CVE-2016-5212", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5212", }, ], notes: [ { category: "general", text: "Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5212", url: "https://www.suse.com/security/cve/CVE-2016-5212", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5212", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5212", }, { cve: "CVE-2016-5213", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5213", }, ], notes: [ { category: "general", text: "A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5213", url: "https://www.suse.com/security/cve/CVE-2016-5213", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5213", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "important", }, ], title: "CVE-2016-5213", }, { cve: "CVE-2016-5214", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5214", }, ], notes: [ { category: "general", text: "Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5214", url: "https://www.suse.com/security/cve/CVE-2016-5214", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5214", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5214", }, { cve: "CVE-2016-5215", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5215", }, ], notes: [ { category: "general", text: "A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5215", url: "https://www.suse.com/security/cve/CVE-2016-5215", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5215", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5215", }, { cve: "CVE-2016-5216", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5216", }, ], notes: [ { category: "general", text: "A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5216", url: "https://www.suse.com/security/cve/CVE-2016-5216", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5216", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5216", }, { cve: "CVE-2016-5217", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5217", }, ], notes: [ { category: "general", text: "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5217", url: "https://www.suse.com/security/cve/CVE-2016-5217", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5217", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5217", }, { cve: "CVE-2016-5218", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5218", }, ], notes: [ { category: "general", text: "The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5218", url: "https://www.suse.com/security/cve/CVE-2016-5218", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5218", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5218", }, { cve: "CVE-2016-5219", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5219", }, ], notes: [ { category: "general", text: "A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5219", url: "https://www.suse.com/security/cve/CVE-2016-5219", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5219", url: "https://bugzilla.suse.com/1013236", }, { category: "external", summary: "SUSE Bug 1013274 for CVE-2016-5219", url: "https://bugzilla.suse.com/1013274", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5219", }, { cve: "CVE-2016-5220", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5220", }, ], notes: [ { category: "general", text: "PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5220", url: "https://www.suse.com/security/cve/CVE-2016-5220", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5220", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5220", }, { cve: "CVE-2016-5221", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5221", }, ], notes: [ { category: "general", text: "Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5221", url: "https://www.suse.com/security/cve/CVE-2016-5221", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5221", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5221", }, { cve: "CVE-2016-5222", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5222", }, ], notes: [ { category: "general", text: "Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5222", url: "https://www.suse.com/security/cve/CVE-2016-5222", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5222", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5222", }, { cve: "CVE-2016-5223", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5223", }, ], notes: [ { category: "general", text: "Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5223", url: "https://www.suse.com/security/cve/CVE-2016-5223", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5223", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5223", }, { cve: "CVE-2016-5224", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5224", }, ], notes: [ { category: "general", text: "A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5224", url: "https://www.suse.com/security/cve/CVE-2016-5224", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5224", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5224", }, { cve: "CVE-2016-5225", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5225", }, ], notes: [ { category: "general", text: "Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5225", url: "https://www.suse.com/security/cve/CVE-2016-5225", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5225", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5225", }, { cve: "CVE-2016-5226", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5226", }, ], notes: [ { category: "general", text: "Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5226", url: "https://www.suse.com/security/cve/CVE-2016-5226", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-5226", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-5226", }, { cve: "CVE-2016-9650", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9650", }, ], notes: [ { category: "general", text: "Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9650", url: "https://www.suse.com/security/cve/CVE-2016-9650", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-9650", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "moderate", }, ], title: "CVE-2016-9650", }, { cve: "CVE-2016-9651", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9651", }, ], notes: [ { category: "general", text: "A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9651", url: "https://www.suse.com/security/cve/CVE-2016-9651", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-9651", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "important", }, ], title: "CVE-2016-9651", }, { cve: "CVE-2016-9652", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9652", }, ], notes: [ { category: "general", text: "Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9652", url: "https://www.suse.com/security/cve/CVE-2016-9652", }, { category: "external", summary: "SUSE Bug 1013236 for CVE-2016-9652", url: "https://bugzilla.suse.com/1013236", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12 SP2:chromedriver-55.0.2883.75-2.1.x86_64", "SUSE Package Hub 12 SP2:chromium-55.0.2883.75-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-16T22:45:25Z", details: "critical", }, ], title: "CVE-2016-9652", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.