opensuse-su-2017:3245-1
Vulnerability from csaf_opensuse
Published
2017-12-08 07:34
Modified
2017-12-08 07:34
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update to Chromium 63.0.3239.84 fixes the following security issues:
- CVE-2017-5124: UXSS with MHTML
- CVE-2017-5125: Heap overflow in Skia
- CVE-2017-5126: Use after free in PDFium
- CVE-2017-5127: Use after free in PDFium
- CVE-2017-5128: Heap overflow in WebGL
- CVE-2017-5129: Use after free in WebAudio
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2
- CVE-2017-5131: Out of bounds write in Skia
- CVE-2017-5133: Out of bounds write in Skia
- CVE-2017-15386: UI spoofing in Blink
- CVE-2017-15387: Content security bypass
- CVE-2017-15388: Out of bounds read in Skia
- CVE-2017-15389: URL spoofing in OmniBox
- CVE-2017-15390: URL spoofing in OmniBox
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration
- CVE-2017-15393: Referrer leak in Devtools
- CVE-2017-15394: URL spoofing in extensions UI
- CVE-2017-15395: Null pointer dereference in ImageCapture
- CVE-2017-15396: Stack overflow in V8
- CVE-2017-15398: Stack buffer overflow in QUIC
- CVE-2017-15399: Use after free in V8
- CVE-2017-15408: Heap buffer overflow in PDFium
- CVE-2017-15409: Out of bounds write in Skia
- CVE-2017-15410: Use after free in PDFium
- CVE-2017-15411: Use after free in PDFium
- CVE-2017-15412: Use after free in libXML
- CVE-2017-15413: Type confusion in WebAssembly
- CVE-2017-15415: Pointer information disclosure in IPC call
- CVE-2017-15416: Out of bounds read in Blink
- CVE-2017-15417: Cross origin information disclosure in Skia
- CVE-2017-15418: Use of uninitialized value in Skia
- CVE-2017-15419: Cross origin leak of redirect URL in Blink
- CVE-2017-15420: URL spoofing in Omnibox
- CVE-2017-15422: Integer overflow in ICU
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL
- CVE-2017-15424: URL Spoof in Omnibox
- CVE-2017-15425: URL Spoof in Omnibox
- CVE-2017-15426: URL Spoof in Omnibox
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox
The following tracked bug fixes are included:
- sandbox crash fixes (bsc#1064298)
Patchnames
openSUSE-2017-1352
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update to Chromium 63.0.3239.84 fixes the following security issues:\n\n- CVE-2017-5124: UXSS with MHTML\n- CVE-2017-5125: Heap overflow in Skia\n- CVE-2017-5126: Use after free in PDFium \n- CVE-2017-5127: Use after free in PDFium\n- CVE-2017-5128: Heap overflow in WebGL\n- CVE-2017-5129: Use after free in WebAudio \n- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.\n- CVE-2017-5130: Heap overflow in libxml2\n- CVE-2017-5131: Out of bounds write in Skia \n- CVE-2017-5133: Out of bounds write in Skia \n- CVE-2017-15386: UI spoofing in Blink\n- CVE-2017-15387: Content security bypass\n- CVE-2017-15388: Out of bounds read in Skia\n- CVE-2017-15389: URL spoofing in OmniBox\n- CVE-2017-15390: URL spoofing in OmniBox \n- CVE-2017-15391: Extension limitation bypass in Extensions.\n- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration\n- CVE-2017-15393: Referrer leak in Devtools\n- CVE-2017-15394: URL spoofing in extensions UI\n- CVE-2017-15395: Null pointer dereference in ImageCapture\n- CVE-2017-15396: Stack overflow in V8\n- CVE-2017-15398: Stack buffer overflow in QUIC\n- CVE-2017-15399: Use after free in V8\n- CVE-2017-15408: Heap buffer overflow in PDFium\n- CVE-2017-15409: Out of bounds write in Skia\n- CVE-2017-15410: Use after free in PDFium\n- CVE-2017-15411: Use after free in PDFium\n- CVE-2017-15412: Use after free in libXML\n- CVE-2017-15413: Type confusion in WebAssembly\n- CVE-2017-15415: Pointer information disclosure in IPC call\n- CVE-2017-15416: Out of bounds read in Blink\n- CVE-2017-15417: Cross origin information disclosure in Skia\n- CVE-2017-15418: Use of uninitialized value in Skia\n- CVE-2017-15419: Cross origin leak of redirect URL in Blink\n- CVE-2017-15420: URL spoofing in Omnibox\n- CVE-2017-15422: Integer overflow in ICU\n- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL\n- CVE-2017-15424: URL Spoof in Omnibox\n- CVE-2017-15425: URL Spoof in Omnibox\n- CVE-2017-15426: URL Spoof in Omnibox\n- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox\n \nThe following tracked bug fixes are included:\n\n- sandbox crash fixes (bsc#1064298)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2017-1352",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_3245-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2017:3245-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VA55NOXRJGNNMP5YTJMI3OWZ75GMEMB2/#VA55NOXRJGNNMP5YTJMI3OWZ75GMEMB2"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2017:3245-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VA55NOXRJGNNMP5YTJMI3OWZ75GMEMB2/#VA55NOXRJGNNMP5YTJMI3OWZ75GMEMB2"
},
{
"category": "self",
"summary": "SUSE Bug 1064066",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "self",
"summary": "SUSE Bug 1064298",
"url": "https://bugzilla.suse.com/1064298"
},
{
"category": "self",
"summary": "SUSE Bug 1065405",
"url": "https://bugzilla.suse.com/1065405"
},
{
"category": "self",
"summary": "SUSE Bug 1066851",
"url": "https://bugzilla.suse.com/1066851"
},
{
"category": "self",
"summary": "SUSE Bug 1071691",
"url": "https://bugzilla.suse.com/1071691"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15386 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15387 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15388 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15389 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15390 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15391 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15392 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15393 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15394 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15395 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15396 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15398 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15399 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15408 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15408/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15409 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15410 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15411 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15412 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15413 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15415 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15416 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15417 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15418 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15418/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15419 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15420 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15422 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15422/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15423 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15424 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15425 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15426 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15427 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5124 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5125 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5126 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5127 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5127/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5128 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5129 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5130 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5131 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5132 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5132/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5133 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5133/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2017-12-08T07:34:05Z",
"generator": {
"date": "2017-12-08T07:34:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2017:3245-1",
"initial_release_date": "2017-12-08T07:34:05Z",
"revision_history": [
{
"date": "2017-12-08T07:34:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-63.0.3239.84-40.1.x86_64",
"product": {
"name": "chromedriver-63.0.3239.84-40.1.x86_64",
"product_id": "chromedriver-63.0.3239.84-40.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-63.0.3239.84-40.1.x86_64",
"product": {
"name": "chromium-63.0.3239.84-40.1.x86_64",
"product_id": "chromium-63.0.3239.84-40.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP2",
"product": {
"name": "SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-63.0.3239.84-40.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64"
},
"product_reference": "chromedriver-63.0.3239.84-40.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-63.0.3239.84-40.1.x86_64 as component of SUSE Package Hub 12 SP2",
"product_id": "SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
},
"product_reference": "chromium-63.0.3239.84-40.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15386"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15386",
"url": "https://www.suse.com/security/cve/CVE-2017-15386"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15386",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15386",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15386"
},
{
"cve": "CVE-2017-15387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15387"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15387",
"url": "https://www.suse.com/security/cve/CVE-2017-15387"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15387",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15387",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15387"
},
{
"cve": "CVE-2017-15388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15388"
}
],
"notes": [
{
"category": "general",
"text": "Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15388",
"url": "https://www.suse.com/security/cve/CVE-2017-15388"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15388",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15388",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15388"
},
{
"cve": "CVE-2017-15389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15389"
}
],
"notes": [
{
"category": "general",
"text": "An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15389",
"url": "https://www.suse.com/security/cve/CVE-2017-15389"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15389",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15389",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15389"
},
{
"cve": "CVE-2017-15390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15390"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15390",
"url": "https://www.suse.com/security/cve/CVE-2017-15390"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15390",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15390",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15390"
},
{
"cve": "CVE-2017-15391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15391"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15391",
"url": "https://www.suse.com/security/cve/CVE-2017-15391"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15391",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15391",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15391"
},
{
"cve": "CVE-2017-15392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15392"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15392",
"url": "https://www.suse.com/security/cve/CVE-2017-15392"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15392",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15392",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15392"
},
{
"cve": "CVE-2017-15393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15393"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15393",
"url": "https://www.suse.com/security/cve/CVE-2017-15393"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15393",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15393",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15393"
},
{
"cve": "CVE-2017-15394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15394"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15394",
"url": "https://www.suse.com/security/cve/CVE-2017-15394"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15394",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15394",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15394"
},
{
"cve": "CVE-2017-15395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15395"
}
],
"notes": [
{
"category": "general",
"text": "A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15395",
"url": "https://www.suse.com/security/cve/CVE-2017-15395"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-15395",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-15395",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15395"
},
{
"cve": "CVE-2017-15396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15396"
}
],
"notes": [
{
"category": "general",
"text": "A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15396",
"url": "https://www.suse.com/security/cve/CVE-2017-15396"
},
{
"category": "external",
"summary": "SUSE Bug 1065405 for CVE-2017-15396",
"url": "https://bugzilla.suse.com/1065405"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15396"
},
{
"cve": "CVE-2017-15398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15398"
}
],
"notes": [
{
"category": "general",
"text": "A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15398",
"url": "https://www.suse.com/security/cve/CVE-2017-15398"
},
{
"category": "external",
"summary": "SUSE Bug 1066851 for CVE-2017-15398",
"url": "https://bugzilla.suse.com/1066851"
},
{
"category": "external",
"summary": "SUSE Bug 1066853 for CVE-2017-15398",
"url": "https://bugzilla.suse.com/1066853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "critical"
}
],
"title": "CVE-2017-15398"
},
{
"cve": "CVE-2017-15399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15399"
}
],
"notes": [
{
"category": "general",
"text": "A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15399",
"url": "https://www.suse.com/security/cve/CVE-2017-15399"
},
{
"category": "external",
"summary": "SUSE Bug 1066851 for CVE-2017-15399",
"url": "https://bugzilla.suse.com/1066851"
},
{
"category": "external",
"summary": "SUSE Bug 1066853 for CVE-2017-15399",
"url": "https://bugzilla.suse.com/1066853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "critical"
}
],
"title": "CVE-2017-15399"
},
{
"cve": "CVE-2017-15408",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15408"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15408",
"url": "https://www.suse.com/security/cve/CVE-2017-15408"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15408",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15408"
},
{
"cve": "CVE-2017-15409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15409"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15409",
"url": "https://www.suse.com/security/cve/CVE-2017-15409"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15409",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15409"
},
{
"cve": "CVE-2017-15410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15410"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15410",
"url": "https://www.suse.com/security/cve/CVE-2017-15410"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15410",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15410"
},
{
"cve": "CVE-2017-15411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15411"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15411",
"url": "https://www.suse.com/security/cve/CVE-2017-15411"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15411",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15411"
},
{
"cve": "CVE-2017-15412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15412"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15412",
"url": "https://www.suse.com/security/cve/CVE-2017-15412"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15412",
"url": "https://bugzilla.suse.com/1071691"
},
{
"category": "external",
"summary": "SUSE Bug 1077993 for CVE-2017-15412",
"url": "https://bugzilla.suse.com/1077993"
},
{
"category": "external",
"summary": "SUSE Bug 1123129 for CVE-2017-15412",
"url": "https://bugzilla.suse.com/1123129"
},
{
"category": "external",
"summary": "SUSE Bug 1123919 for CVE-2017-15412",
"url": "https://bugzilla.suse.com/1123919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15412"
},
{
"cve": "CVE-2017-15413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15413"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15413",
"url": "https://www.suse.com/security/cve/CVE-2017-15413"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15413",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15413"
},
{
"cve": "CVE-2017-15415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15415"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15415",
"url": "https://www.suse.com/security/cve/CVE-2017-15415"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15415",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15415"
},
{
"cve": "CVE-2017-15416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15416"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15416",
"url": "https://www.suse.com/security/cve/CVE-2017-15416"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15416",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15416"
},
{
"cve": "CVE-2017-15417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15417"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15417",
"url": "https://www.suse.com/security/cve/CVE-2017-15417"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15417",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15417"
},
{
"cve": "CVE-2017-15418",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15418"
}
],
"notes": [
{
"category": "general",
"text": "Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15418",
"url": "https://www.suse.com/security/cve/CVE-2017-15418"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15418",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15418"
},
{
"cve": "CVE-2017-15419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15419"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15419",
"url": "https://www.suse.com/security/cve/CVE-2017-15419"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15419",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15419"
},
{
"cve": "CVE-2017-15420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15420"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15420",
"url": "https://www.suse.com/security/cve/CVE-2017-15420"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15420",
"url": "https://bugzilla.suse.com/1071691"
},
{
"category": "external",
"summary": "SUSE Bug 1077571 for CVE-2017-15420",
"url": "https://bugzilla.suse.com/1077571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15420"
},
{
"cve": "CVE-2017-15422",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15422"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15422",
"url": "https://www.suse.com/security/cve/CVE-2017-15422"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15422",
"url": "https://bugzilla.suse.com/1071691"
},
{
"category": "external",
"summary": "SUSE Bug 1077999 for CVE-2017-15422",
"url": "https://bugzilla.suse.com/1077999"
},
{
"category": "external",
"summary": "SUSE Bug 1123121 for CVE-2017-15422",
"url": "https://bugzilla.suse.com/1123121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "moderate"
}
],
"title": "CVE-2017-15422"
},
{
"cve": "CVE-2017-15423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15423"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15423",
"url": "https://www.suse.com/security/cve/CVE-2017-15423"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15423",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15423"
},
{
"cve": "CVE-2017-15424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15424"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15424",
"url": "https://www.suse.com/security/cve/CVE-2017-15424"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15424",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15424"
},
{
"cve": "CVE-2017-15425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15425"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15425",
"url": "https://www.suse.com/security/cve/CVE-2017-15425"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15425",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15425"
},
{
"cve": "CVE-2017-15426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15426"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15426",
"url": "https://www.suse.com/security/cve/CVE-2017-15426"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15426",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15426"
},
{
"cve": "CVE-2017-15427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15427"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15427",
"url": "https://www.suse.com/security/cve/CVE-2017-15427"
},
{
"category": "external",
"summary": "SUSE Bug 1071691 for CVE-2017-15427",
"url": "https://bugzilla.suse.com/1071691"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-15427"
},
{
"cve": "CVE-2017-5124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5124"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5124",
"url": "https://www.suse.com/security/cve/CVE-2017-5124"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5124",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5124",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5124"
},
{
"cve": "CVE-2017-5125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5125"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5125",
"url": "https://www.suse.com/security/cve/CVE-2017-5125"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5125",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5125",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5125"
},
{
"cve": "CVE-2017-5126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5126"
}
],
"notes": [
{
"category": "general",
"text": "A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5126",
"url": "https://www.suse.com/security/cve/CVE-2017-5126"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5126",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5126",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5126"
},
{
"cve": "CVE-2017-5127",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5127"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5127",
"url": "https://www.suse.com/security/cve/CVE-2017-5127"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5127",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5127",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5127"
},
{
"cve": "CVE-2017-5128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5128"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5128",
"url": "https://www.suse.com/security/cve/CVE-2017-5128"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5128",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5128",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5128"
},
{
"cve": "CVE-2017-5129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5129"
}
],
"notes": [
{
"category": "general",
"text": "A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5129",
"url": "https://www.suse.com/security/cve/CVE-2017-5129"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5129",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5129",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5129"
},
{
"cve": "CVE-2017-5130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5130"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5130",
"url": "https://www.suse.com/security/cve/CVE-2017-5130"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5130",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5130",
"url": "https://bugzilla.suse.com/1064089"
},
{
"category": "external",
"summary": "SUSE Bug 1078806 for CVE-2017-5130",
"url": "https://bugzilla.suse.com/1078806"
},
{
"category": "external",
"summary": "SUSE Bug 1123129 for CVE-2017-5130",
"url": "https://bugzilla.suse.com/1123129"
},
{
"category": "external",
"summary": "SUSE Bug 1123919 for CVE-2017-5130",
"url": "https://bugzilla.suse.com/1123919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5130"
},
{
"cve": "CVE-2017-5131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5131"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5131",
"url": "https://www.suse.com/security/cve/CVE-2017-5131"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5131",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5131",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5131"
},
{
"cve": "CVE-2017-5132",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5132"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5132",
"url": "https://www.suse.com/security/cve/CVE-2017-5132"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5132",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5132",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5132"
},
{
"cve": "CVE-2017-5133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5133"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5133",
"url": "https://www.suse.com/security/cve/CVE-2017-5133"
},
{
"category": "external",
"summary": "SUSE Bug 1064066 for CVE-2017-5133",
"url": "https://bugzilla.suse.com/1064066"
},
{
"category": "external",
"summary": "SUSE Bug 1064089 for CVE-2017-5133",
"url": "https://bugzilla.suse.com/1064089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP2:chromedriver-63.0.3239.84-40.1.x86_64",
"SUSE Package Hub 12 SP2:chromium-63.0.3239.84-40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-08T07:34:05Z",
"details": "important"
}
],
"title": "CVE-2017-5133"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…