opensuse-su-2019:2447-1
Vulnerability from csaf_opensuse
Published
2019-11-06 17:25
Modified
2019-11-06 17:25
Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium fixes the following issues:
Chromium was updated to 78.0.3904.87:
(boo#1155643,boo#1154806,boo#1153660, boo#1151229,boo#1149143,boo#1145242,boo#1143492)
Security issues fixed with this version update:
* CVE-2019-13721: Use-after-free in PDFium
* CVE-2019-13720: Use-after-free in audio
* CVE-2019-13699: Use-after-free in media
* CVE-2019-13700: Buffer overrun in Blink
* CVE-2019-13701: URL spoof in navigation
* CVE-2019-13702: Privilege elevation in Installer
* CVE-2019-13703: URL bar spoofing
* CVE-2019-13704: CSP bypass
* CVE-2019-13705: Extension permission bypass
* CVE-2019-13706: Out-of-bounds read in PDFium
* CVE-2019-13707: File storage disclosure
* CVE-2019-13708: HTTP authentication spoof
* CVE-2019-13709: File download protection bypass
* CVE-2019-13710: File download protection bypass
* CVE-2019-13711: Cross-context information leak
* CVE-2019-15903: Buffer overflow in expat
* CVE-2019-13713: Cross-origin data leak
* CVE-2019-13714: CSS injection
* CVE-2019-13715: Address bar spoofing
* CVE-2019-13716: Service worker state error
* CVE-2019-13717: Notification obscured
* CVE-2019-13718: IDN spoof
* CVE-2019-13719: Notification obscured
* CVE-2019-13693: Use-after-free in IndexedDB
* CVE-2019-13694: Use-after-free in WebRTC
* CVE-2019-13695: Use-after-free in audio
* CVE-2019-13696: Use-after-free in V8
* CVE-2019-13697: Cross-origin size leak.
* CVE-2019-13685: Use-after-free in UI
* CVE-2019-13688: Use-after-free in media
* CVE-2019-13687: Use-after-free in media
* CVE-2019-13686: Use-after-free in offline pages
* CVE-2019-5870: Use-after-free in media
* CVE-2019-5871: Heap overflow in Skia
* CVE-2019-5872: Use-after-free in Mojo
* CVE-2019-5874: External URIs may trigger other browsers
* CVE-2019-5875: URL bar spoof via download redirect
* CVE-2019-5876: Use-after-free in media
* CVE-2019-5877: Out-of-bounds access in V8
* CVE-2019-5878: Use-after-free in V8
* CVE-2019-5879: Extension can bypass same origin policy
* CVE-2019-5880: SameSite cookie bypass
* CVE-2019-5881: Arbitrary read in SwiftShader
* CVE-2019-13659: URL spoof
* CVE-2019-13660: Full screen notification overlap
* CVE-2019-13661: Full screen notification spoof
* CVE-2019-13662: CSP bypass
* CVE-2019-13663: IDN spoof
* CVE-2019-13664: CSRF bypass
* CVE-2019-13665: Multiple file download protection bypass
* CVE-2019-13666: Side channel using storage size estimate
* CVE-2019-13667: URI bar spoof when using external app URIs
* CVE-2019-13668: Global window leak via console
* CVE-2019-13669: HTTP authentication spoof
* CVE-2019-13670: V8 memory corruption in regex
* CVE-2019-13671: Dialog box fails to show origin
* CVE-2019-13673: Cross-origin information leak using devtools
* CVE-2019-13674: IDN spoofing
* CVE-2019-13675: Extensions can be disabled by trailing slash
* CVE-2019-13676: Google URI shown for certificate warning
* CVE-2019-13677: Chrome web store origin needs to be isolated
* CVE-2019-13678: Download dialog spoofing
* CVE-2019-13679: User gesture needed for printing
* CVE-2019-13680: IP address spoofing to servers
* CVE-2019-13681: Bypass on download restrictions
* CVE-2019-13682: Site isolation bypass
* CVE-2019-13683: Exceptions leaked by devtools
* CVE-2019-5869: Use-after-free in Blink
* CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
* CVE-2019-5867: Out-of-bounds read in V8
* CVE-2019-5850: Use-after-free in offline page fetcher
* CVE-2019-5860: Use-after-free in PDFium
* CVE-2019-5853: Memory corruption in regexp length check
* CVE-2019-5851: Use-after-poison in offline audio context
* CVE-2019-5859: res: URIs can load alternative browsers
* CVE-2019-5856: Insufficient checks on filesystem: URI permissions
* CVE-2019-5855: Integer overflow in PDFium
* CVE-2019-5865: Site isolation bypass from compromised renderer
* CVE-2019-5858: Insufficient filtering of Open URL service parameters
* CVE-2019-5864: Insufficient port filtering in CORS for extensions
* CVE-2019-5862: AppCache not robust to compromised renderers
* CVE-2019-5861: Click location incorrectly checked
* CVE-2019-5857: Comparison of -0 and null yields crash
* CVE-2019-5854: Integer overflow in PDFium text rendering
* CVE-2019-5852: Object leak of utility functions
Patchnames
openSUSE-2019-2447
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\t \nChromium was updated to 78.0.3904.87: \n(boo#1155643,boo#1154806,boo#1153660, boo#1151229,boo#1149143,boo#1145242,boo#1143492)\n\nSecurity issues fixed with this version update: \n\n * CVE-2019-13721: Use-after-free in PDFium\n * CVE-2019-13720: Use-after-free in audio\n * CVE-2019-13699: Use-after-free in media\n * CVE-2019-13700: Buffer overrun in Blink\n * CVE-2019-13701: URL spoof in navigation\n * CVE-2019-13702: Privilege elevation in Installer\n * CVE-2019-13703: URL bar spoofing\n * CVE-2019-13704: CSP bypass\n * CVE-2019-13705: Extension permission bypass\n * CVE-2019-13706: Out-of-bounds read in PDFium\n * CVE-2019-13707: File storage disclosure\n * CVE-2019-13708: HTTP authentication spoof\n * CVE-2019-13709: File download protection bypass\n * CVE-2019-13710: File download protection bypass\n * CVE-2019-13711: Cross-context information leak\n * CVE-2019-15903: Buffer overflow in expat\n * CVE-2019-13713: Cross-origin data leak\n * CVE-2019-13714: CSS injection\n * CVE-2019-13715: Address bar spoofing\n * CVE-2019-13716: Service worker state error\n * CVE-2019-13717: Notification obscured\n * CVE-2019-13718: IDN spoof\n * CVE-2019-13719: Notification obscured\n * CVE-2019-13693: Use-after-free in IndexedDB\n * CVE-2019-13694: Use-after-free in WebRTC\n * CVE-2019-13695: Use-after-free in audio\n * CVE-2019-13696: Use-after-free in V8\n * CVE-2019-13697: Cross-origin size leak. \n * CVE-2019-13685: Use-after-free in UI\n * CVE-2019-13688: Use-after-free in media\n * CVE-2019-13687: Use-after-free in media\n * CVE-2019-13686: Use-after-free in offline pages\n * CVE-2019-5870: Use-after-free in media\n * CVE-2019-5871: Heap overflow in Skia\n * CVE-2019-5872: Use-after-free in Mojo\n * CVE-2019-5874: External URIs may trigger other browsers\n * CVE-2019-5875: URL bar spoof via download redirect\n * CVE-2019-5876: Use-after-free in media\n * CVE-2019-5877: Out-of-bounds access in V8\n * CVE-2019-5878: Use-after-free in V8\n * CVE-2019-5879: Extension can bypass same origin policy\n * CVE-2019-5880: SameSite cookie bypass\n * CVE-2019-5881: Arbitrary read in SwiftShader\n * CVE-2019-13659: URL spoof\n * CVE-2019-13660: Full screen notification overlap\n * CVE-2019-13661: Full screen notification spoof\n * CVE-2019-13662: CSP bypass\n * CVE-2019-13663: IDN spoof\n * CVE-2019-13664: CSRF bypass\n * CVE-2019-13665: Multiple file download protection bypass\n * CVE-2019-13666: Side channel using storage size estimate\n * CVE-2019-13667: URI bar spoof when using external app URIs\n * CVE-2019-13668: Global window leak via console\n * CVE-2019-13669: HTTP authentication spoof\n * CVE-2019-13670: V8 memory corruption in regex\n * CVE-2019-13671: Dialog box fails to show origin\n * CVE-2019-13673: Cross-origin information leak using devtools\n * CVE-2019-13674: IDN spoofing\n * CVE-2019-13675: Extensions can be disabled by trailing slash\n * CVE-2019-13676: Google URI shown for certificate warning\n * CVE-2019-13677: Chrome web store origin needs to be isolated\n * CVE-2019-13678: Download dialog spoofing\n * CVE-2019-13679: User gesture needed for printing\n * CVE-2019-13680: IP address spoofing to servers\n * CVE-2019-13681: Bypass on download restrictions\n * CVE-2019-13682: Site isolation bypass\n * CVE-2019-13683: Exceptions leaked by devtools\n * CVE-2019-5869: Use-after-free in Blink\n * CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction\n * CVE-2019-5867: Out-of-bounds read in V8\n * CVE-2019-5850: Use-after-free in offline page fetcher\n * CVE-2019-5860: Use-after-free in PDFium\n * CVE-2019-5853: Memory corruption in regexp length check\n * CVE-2019-5851: Use-after-poison in offline audio context\n * CVE-2019-5859: res: URIs can load alternative browsers\n * CVE-2019-5856: Insufficient checks on filesystem: URI permissions\n * CVE-2019-5855: Integer overflow in PDFium\n * CVE-2019-5865: Site isolation bypass from compromised renderer\n * CVE-2019-5858: Insufficient filtering of Open URL service parameters\n * CVE-2019-5864: Insufficient port filtering in CORS for extensions\n * CVE-2019-5862: AppCache not robust to compromised renderers\n * CVE-2019-5861: Click location incorrectly checked\n * CVE-2019-5857: Comparison of -0 and null yields crash\n * CVE-2019-5854: Integer overflow in PDFium text rendering\n * CVE-2019-5852: Object leak of utility functions\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2447",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2447-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2447-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM/#QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2447-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM/#QNJAWHUQKXHQBG3I7GI4ACW3CYHDJAHM"
},
{
"category": "self",
"summary": "SUSE Bug 1143492",
"url": "https://bugzilla.suse.com/1143492"
},
{
"category": "self",
"summary": "SUSE Bug 1144625",
"url": "https://bugzilla.suse.com/1144625"
},
{
"category": "self",
"summary": "SUSE Bug 1145242",
"url": "https://bugzilla.suse.com/1145242"
},
{
"category": "self",
"summary": "SUSE Bug 1146219",
"url": "https://bugzilla.suse.com/1146219"
},
{
"category": "self",
"summary": "SUSE Bug 1149143",
"url": "https://bugzilla.suse.com/1149143"
},
{
"category": "self",
"summary": "SUSE Bug 1150425",
"url": "https://bugzilla.suse.com/1150425"
},
{
"category": "self",
"summary": "SUSE Bug 1151229",
"url": "https://bugzilla.suse.com/1151229"
},
{
"category": "self",
"summary": "SUSE Bug 1153660",
"url": "https://bugzilla.suse.com/1153660"
},
{
"category": "self",
"summary": "SUSE Bug 1154806",
"url": "https://bugzilla.suse.com/1154806"
},
{
"category": "self",
"summary": "SUSE Bug 1155643",
"url": "https://bugzilla.suse.com/1155643"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13659 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13660 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13661 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13662 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13663 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13664 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13665 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13666 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13667 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13668 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13669 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13670 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13671 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13673 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13674 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13675 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13676 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13677 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13678 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13679 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13680 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13681 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13682 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13683 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13685 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13686 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13687 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13688 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13688/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13693 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13694 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13695 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13696 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13697 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13699 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13700 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13701 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13702 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13703 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13704 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13705 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13706 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13707 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13708 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13709 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13710 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13711 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13713 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13714 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13715 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13716 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13717 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13718 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13719 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13720 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13721 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5850 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5851 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5852 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5853 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5854 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5855 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5856 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5857 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5858 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5859 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5860 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5861 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5862 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5863 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5864 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5865 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5867 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5868 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5869 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5870 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5871 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5872 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5874 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5875 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5876 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5877 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5878 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5879 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5880 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5881 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5881/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2019-11-06T17:25:26Z",
"generator": {
"date": "2019-11-06T17:25:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2447-1",
"initial_release_date": "2019-11-06T17:25:26Z",
"revision_history": [
{
"date": "2019-11-06T17:25:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-78.0.3904.87-10.1.aarch64",
"product": {
"name": "chromedriver-78.0.3904.87-10.1.aarch64",
"product_id": "chromedriver-78.0.3904.87-10.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-78.0.3904.87-10.1.aarch64",
"product": {
"name": "chromium-78.0.3904.87-10.1.aarch64",
"product_id": "chromium-78.0.3904.87-10.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-78.0.3904.87-10.1.x86_64",
"product": {
"name": "chromedriver-78.0.3904.87-10.1.x86_64",
"product_id": "chromedriver-78.0.3904.87-10.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-78.0.3904.87-10.1.x86_64",
"product": {
"name": "chromium-78.0.3904.87-10.1.x86_64",
"product_id": "chromium-78.0.3904.87-10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP3",
"product": {
"name": "SUSE Package Hub 12 SP3",
"product_id": "SUSE Package Hub 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-78.0.3904.87-10.1.aarch64 as component of SUSE Package Hub 12 SP3",
"product_id": "SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64"
},
"product_reference": "chromedriver-78.0.3904.87-10.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-78.0.3904.87-10.1.x86_64 as component of SUSE Package Hub 12 SP3",
"product_id": "SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64"
},
"product_reference": "chromedriver-78.0.3904.87-10.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-78.0.3904.87-10.1.aarch64 as component of SUSE Package Hub 12 SP3",
"product_id": "SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64"
},
"product_reference": "chromium-78.0.3904.87-10.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-78.0.3904.87-10.1.x86_64 as component of SUSE Package Hub 12 SP3",
"product_id": "SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
},
"product_reference": "chromium-78.0.3904.87-10.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13659"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13659",
"url": "https://www.suse.com/security/cve/CVE-2019-13659"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13659",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13659"
},
{
"cve": "CVE-2019-13660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13660"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13660",
"url": "https://www.suse.com/security/cve/CVE-2019-13660"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13660",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13660"
},
{
"cve": "CVE-2019-13661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13661"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13661",
"url": "https://www.suse.com/security/cve/CVE-2019-13661"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13661",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13661"
},
{
"cve": "CVE-2019-13662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13662"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13662",
"url": "https://www.suse.com/security/cve/CVE-2019-13662"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13662",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13662"
},
{
"cve": "CVE-2019-13663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13663"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13663",
"url": "https://www.suse.com/security/cve/CVE-2019-13663"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13663",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13663"
},
{
"cve": "CVE-2019-13664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13664"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13664",
"url": "https://www.suse.com/security/cve/CVE-2019-13664"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13664",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13664"
},
{
"cve": "CVE-2019-13665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13665"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13665",
"url": "https://www.suse.com/security/cve/CVE-2019-13665"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13665",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13665"
},
{
"cve": "CVE-2019-13666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13666"
}
],
"notes": [
{
"category": "general",
"text": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13666",
"url": "https://www.suse.com/security/cve/CVE-2019-13666"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13666",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13666"
},
{
"cve": "CVE-2019-13667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13667"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13667",
"url": "https://www.suse.com/security/cve/CVE-2019-13667"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13667",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13667"
},
{
"cve": "CVE-2019-13668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13668"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13668",
"url": "https://www.suse.com/security/cve/CVE-2019-13668"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13668",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13668"
},
{
"cve": "CVE-2019-13669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13669"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13669",
"url": "https://www.suse.com/security/cve/CVE-2019-13669"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13669",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13669"
},
{
"cve": "CVE-2019-13670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13670"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13670",
"url": "https://www.suse.com/security/cve/CVE-2019-13670"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13670",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13670"
},
{
"cve": "CVE-2019-13671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13671"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13671",
"url": "https://www.suse.com/security/cve/CVE-2019-13671"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13671",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13671"
},
{
"cve": "CVE-2019-13673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13673"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13673",
"url": "https://www.suse.com/security/cve/CVE-2019-13673"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13673",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13673"
},
{
"cve": "CVE-2019-13674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13674"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13674",
"url": "https://www.suse.com/security/cve/CVE-2019-13674"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13674",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13674"
},
{
"cve": "CVE-2019-13675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13675"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13675",
"url": "https://www.suse.com/security/cve/CVE-2019-13675"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13675",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13675"
},
{
"cve": "CVE-2019-13676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13676"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13676",
"url": "https://www.suse.com/security/cve/CVE-2019-13676"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13676",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13676"
},
{
"cve": "CVE-2019-13677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13677"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13677",
"url": "https://www.suse.com/security/cve/CVE-2019-13677"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13677",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13677"
},
{
"cve": "CVE-2019-13678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13678"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13678",
"url": "https://www.suse.com/security/cve/CVE-2019-13678"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13678",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13678"
},
{
"cve": "CVE-2019-13679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13679"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13679",
"url": "https://www.suse.com/security/cve/CVE-2019-13679"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13679",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13679"
},
{
"cve": "CVE-2019-13680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13680"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13680",
"url": "https://www.suse.com/security/cve/CVE-2019-13680"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13680",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13680"
},
{
"cve": "CVE-2019-13681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13681"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13681",
"url": "https://www.suse.com/security/cve/CVE-2019-13681"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13681",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13681"
},
{
"cve": "CVE-2019-13682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13682"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13682",
"url": "https://www.suse.com/security/cve/CVE-2019-13682"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13682",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13682"
},
{
"cve": "CVE-2019-13683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13683"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13683",
"url": "https://www.suse.com/security/cve/CVE-2019-13683"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13683",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13683"
},
{
"cve": "CVE-2019-13685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13685"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13685",
"url": "https://www.suse.com/security/cve/CVE-2019-13685"
},
{
"category": "external",
"summary": "SUSE Bug 1151229 for CVE-2019-13685",
"url": "https://bugzilla.suse.com/1151229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13685"
},
{
"cve": "CVE-2019-13686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13686"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13686",
"url": "https://www.suse.com/security/cve/CVE-2019-13686"
},
{
"category": "external",
"summary": "SUSE Bug 1151229 for CVE-2019-13686",
"url": "https://bugzilla.suse.com/1151229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13686"
},
{
"cve": "CVE-2019-13687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13687"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13687",
"url": "https://www.suse.com/security/cve/CVE-2019-13687"
},
{
"category": "external",
"summary": "SUSE Bug 1151229 for CVE-2019-13687",
"url": "https://bugzilla.suse.com/1151229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13687"
},
{
"cve": "CVE-2019-13688",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13688"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13688",
"url": "https://www.suse.com/security/cve/CVE-2019-13688"
},
{
"category": "external",
"summary": "SUSE Bug 1151229 for CVE-2019-13688",
"url": "https://bugzilla.suse.com/1151229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13688"
},
{
"cve": "CVE-2019-13693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13693"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13693",
"url": "https://www.suse.com/security/cve/CVE-2019-13693"
},
{
"category": "external",
"summary": "SUSE Bug 1153660 for CVE-2019-13693",
"url": "https://bugzilla.suse.com/1153660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13693"
},
{
"cve": "CVE-2019-13694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13694"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13694",
"url": "https://www.suse.com/security/cve/CVE-2019-13694"
},
{
"category": "external",
"summary": "SUSE Bug 1153660 for CVE-2019-13694",
"url": "https://bugzilla.suse.com/1153660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13694"
},
{
"cve": "CVE-2019-13695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13695"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13695",
"url": "https://www.suse.com/security/cve/CVE-2019-13695"
},
{
"category": "external",
"summary": "SUSE Bug 1153660 for CVE-2019-13695",
"url": "https://bugzilla.suse.com/1153660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13695"
},
{
"cve": "CVE-2019-13696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13696"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13696",
"url": "https://www.suse.com/security/cve/CVE-2019-13696"
},
{
"category": "external",
"summary": "SUSE Bug 1153660 for CVE-2019-13696",
"url": "https://bugzilla.suse.com/1153660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13696"
},
{
"cve": "CVE-2019-13697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13697"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13697",
"url": "https://www.suse.com/security/cve/CVE-2019-13697"
},
{
"category": "external",
"summary": "SUSE Bug 1153660 for CVE-2019-13697",
"url": "https://bugzilla.suse.com/1153660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13697"
},
{
"cve": "CVE-2019-13699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13699"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13699",
"url": "https://www.suse.com/security/cve/CVE-2019-13699"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13699",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13699"
},
{
"cve": "CVE-2019-13700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13700"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13700",
"url": "https://www.suse.com/security/cve/CVE-2019-13700"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13700",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13700"
},
{
"cve": "CVE-2019-13701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13701"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13701",
"url": "https://www.suse.com/security/cve/CVE-2019-13701"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13701",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13701"
},
{
"cve": "CVE-2019-13702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13702"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13702",
"url": "https://www.suse.com/security/cve/CVE-2019-13702"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13702",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13702"
},
{
"cve": "CVE-2019-13703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13703"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13703",
"url": "https://www.suse.com/security/cve/CVE-2019-13703"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13703",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13703"
},
{
"cve": "CVE-2019-13704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13704"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13704",
"url": "https://www.suse.com/security/cve/CVE-2019-13704"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13704",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13704"
},
{
"cve": "CVE-2019-13705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13705"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13705",
"url": "https://www.suse.com/security/cve/CVE-2019-13705"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13705",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13705"
},
{
"cve": "CVE-2019-13706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13706"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13706",
"url": "https://www.suse.com/security/cve/CVE-2019-13706"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13706",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13706"
},
{
"cve": "CVE-2019-13707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13707"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13707",
"url": "https://www.suse.com/security/cve/CVE-2019-13707"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13707",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13707"
},
{
"cve": "CVE-2019-13708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13708"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13708",
"url": "https://www.suse.com/security/cve/CVE-2019-13708"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13708",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13708"
},
{
"cve": "CVE-2019-13709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13709"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13709",
"url": "https://www.suse.com/security/cve/CVE-2019-13709"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13709",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13709"
},
{
"cve": "CVE-2019-13710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13710"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13710",
"url": "https://www.suse.com/security/cve/CVE-2019-13710"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13710",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13710"
},
{
"cve": "CVE-2019-13711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13711"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13711",
"url": "https://www.suse.com/security/cve/CVE-2019-13711"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13711",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13711"
},
{
"cve": "CVE-2019-13713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13713"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13713",
"url": "https://www.suse.com/security/cve/CVE-2019-13713"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13713",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13713"
},
{
"cve": "CVE-2019-13714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13714"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13714",
"url": "https://www.suse.com/security/cve/CVE-2019-13714"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13714",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13714"
},
{
"cve": "CVE-2019-13715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13715"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13715",
"url": "https://www.suse.com/security/cve/CVE-2019-13715"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13715",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13715"
},
{
"cve": "CVE-2019-13716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13716"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13716",
"url": "https://www.suse.com/security/cve/CVE-2019-13716"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13716",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13716"
},
{
"cve": "CVE-2019-13717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13717"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13717",
"url": "https://www.suse.com/security/cve/CVE-2019-13717"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13717",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13717"
},
{
"cve": "CVE-2019-13718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13718"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13718",
"url": "https://www.suse.com/security/cve/CVE-2019-13718"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13718",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13718"
},
{
"cve": "CVE-2019-13719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13719"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13719",
"url": "https://www.suse.com/security/cve/CVE-2019-13719"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-13719",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-13719"
},
{
"cve": "CVE-2019-13720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13720"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13720",
"url": "https://www.suse.com/security/cve/CVE-2019-13720"
},
{
"category": "external",
"summary": "SUSE Bug 1155643 for CVE-2019-13720",
"url": "https://bugzilla.suse.com/1155643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13720"
},
{
"cve": "CVE-2019-13721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13721"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13721",
"url": "https://www.suse.com/security/cve/CVE-2019-13721"
},
{
"category": "external",
"summary": "SUSE Bug 1155643 for CVE-2019-13721",
"url": "https://bugzilla.suse.com/1155643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-13721"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-5850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5850"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5850",
"url": "https://www.suse.com/security/cve/CVE-2019-5850"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5850",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "critical"
}
],
"title": "CVE-2019-5850"
},
{
"cve": "CVE-2019-5851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5851"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5851",
"url": "https://www.suse.com/security/cve/CVE-2019-5851"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5851",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5851"
},
{
"cve": "CVE-2019-5852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5852"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5852",
"url": "https://www.suse.com/security/cve/CVE-2019-5852"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5852",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5852"
},
{
"cve": "CVE-2019-5853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5853"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5853",
"url": "https://www.suse.com/security/cve/CVE-2019-5853"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5853",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5853"
},
{
"cve": "CVE-2019-5854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5854"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5854",
"url": "https://www.suse.com/security/cve/CVE-2019-5854"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5854",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5854"
},
{
"cve": "CVE-2019-5855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5855"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5855",
"url": "https://www.suse.com/security/cve/CVE-2019-5855"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5855",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5855"
},
{
"cve": "CVE-2019-5856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5856"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5856",
"url": "https://www.suse.com/security/cve/CVE-2019-5856"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5856",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5856"
},
{
"cve": "CVE-2019-5857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5857"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5857",
"url": "https://www.suse.com/security/cve/CVE-2019-5857"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5857",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5857"
},
{
"cve": "CVE-2019-5858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5858"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5858",
"url": "https://www.suse.com/security/cve/CVE-2019-5858"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5858",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5858"
},
{
"cve": "CVE-2019-5859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5859"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5859",
"url": "https://www.suse.com/security/cve/CVE-2019-5859"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5859",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5859"
},
{
"cve": "CVE-2019-5860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5860"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5860",
"url": "https://www.suse.com/security/cve/CVE-2019-5860"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5860",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5860"
},
{
"cve": "CVE-2019-5861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5861"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5861",
"url": "https://www.suse.com/security/cve/CVE-2019-5861"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5861",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5861"
},
{
"cve": "CVE-2019-5862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5862"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5862",
"url": "https://www.suse.com/security/cve/CVE-2019-5862"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5862",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5862"
},
{
"cve": "CVE-2019-5863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5863"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5863",
"url": "https://www.suse.com/security/cve/CVE-2019-5863"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5863",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5863"
},
{
"cve": "CVE-2019-5864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5864"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5864",
"url": "https://www.suse.com/security/cve/CVE-2019-5864"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5864",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5864"
},
{
"cve": "CVE-2019-5865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5865"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5865",
"url": "https://www.suse.com/security/cve/CVE-2019-5865"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5865",
"url": "https://bugzilla.suse.com/1143492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5865"
},
{
"cve": "CVE-2019-5867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5867"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5867",
"url": "https://www.suse.com/security/cve/CVE-2019-5867"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5867",
"url": "https://bugzilla.suse.com/1143492"
},
{
"category": "external",
"summary": "SUSE Bug 1145242 for CVE-2019-5867",
"url": "https://bugzilla.suse.com/1145242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5867"
},
{
"cve": "CVE-2019-5868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5868"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5868",
"url": "https://www.suse.com/security/cve/CVE-2019-5868"
},
{
"category": "external",
"summary": "SUSE Bug 1143492 for CVE-2019-5868",
"url": "https://bugzilla.suse.com/1143492"
},
{
"category": "external",
"summary": "SUSE Bug 1145242 for CVE-2019-5868",
"url": "https://bugzilla.suse.com/1145242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5868"
},
{
"cve": "CVE-2019-5869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5869"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5869",
"url": "https://www.suse.com/security/cve/CVE-2019-5869"
},
{
"category": "external",
"summary": "SUSE Bug 1149143 for CVE-2019-5869",
"url": "https://bugzilla.suse.com/1149143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5869"
},
{
"cve": "CVE-2019-5870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5870"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5870",
"url": "https://www.suse.com/security/cve/CVE-2019-5870"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5870",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "critical"
}
],
"title": "CVE-2019-5870"
},
{
"cve": "CVE-2019-5871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5871"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5871",
"url": "https://www.suse.com/security/cve/CVE-2019-5871"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5871",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5871"
},
{
"cve": "CVE-2019-5872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5872"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5872",
"url": "https://www.suse.com/security/cve/CVE-2019-5872"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5872",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5872"
},
{
"cve": "CVE-2019-5874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5874"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5874",
"url": "https://www.suse.com/security/cve/CVE-2019-5874"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5874",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5874"
},
{
"cve": "CVE-2019-5875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5875"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5875",
"url": "https://www.suse.com/security/cve/CVE-2019-5875"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5875",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5875"
},
{
"cve": "CVE-2019-5876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5876"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5876",
"url": "https://www.suse.com/security/cve/CVE-2019-5876"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5876",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5876"
},
{
"cve": "CVE-2019-5877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5877"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5877",
"url": "https://www.suse.com/security/cve/CVE-2019-5877"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5877",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5877"
},
{
"cve": "CVE-2019-5878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5878"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5878",
"url": "https://www.suse.com/security/cve/CVE-2019-5878"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5878",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5878"
},
{
"cve": "CVE-2019-5879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5879"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5879",
"url": "https://www.suse.com/security/cve/CVE-2019-5879"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5879",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2019-5879"
},
{
"cve": "CVE-2019-5880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5880"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5880",
"url": "https://www.suse.com/security/cve/CVE-2019-5880"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5880",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5880"
},
{
"cve": "CVE-2019-5881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5881"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5881",
"url": "https://www.suse.com/security/cve/CVE-2019-5881"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5881",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromedriver-78.0.3904.87-10.1.x86_64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.aarch64",
"SUSE Package Hub 12 SP3:chromium-78.0.3904.87-10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-11-06T17:25:26Z",
"details": "important"
}
],
"title": "CVE-2019-5881"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…