Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for chromium

chromium was updated to fix 30 security issues.

These security issues were fixed:
- CVE-2015-1209: Use-after-free in DOM (bnc#916841).
- CVE-2015-1205: Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allowed attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-7948: The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allowed man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate.
- CVE-2014-7940: The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, did not initialize memory for a data structure, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence (bnc#914468).
- CVE-2014-7941: The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 used an incorrect data type for a certain length value, which allowed remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data (bnc#914468).
- CVE-2014-7942: The Fonts implementation in Google Chrome before 40.0.2214.91 did not initialize memory for a data structure, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (bnc#914468).
- CVE-2014-7943: Skia, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2014-7944: The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, did not properly handle odd values of image width, which allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
- CVE-2014-7945: OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.
- CVE-2014-7946: The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allowed remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation.
- CVE-2014-7947: OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.
- CVE-2014-7928: hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, did not properly handle arrays with holes, which allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy (bnc#914468).
- CVE-2014-7929: Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents (bnc#914468).
- CVE-2014-7926: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923 (bnc#914468).
- CVE-2014-7927: The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, did not properly choose an integer data type, which allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code (bnc#914468).
- CVE-2014-7924: Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allowed remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc (bnc#914468).
- CVE-2014-7925: Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained (bnc#914468).
- CVE-2014-7923: The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7926 (bnc#914468).
- CVE-2015-1211: Privilege escalation in service workers (bnc#916838).
- CVE-2015-1210: Cross-origin-bypass in V8 bindings (bnc#916843).
- CVE-2015-1212: DoS or possibly other impact via unknown vectors (bnc#916840).
- CVE-2014-7939: Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allowed remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header (bnc#914468).
- CVE-2014-7938: The Fonts implementation in Google Chrome before 40.0.2214.91 allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors (bnc#914468).
- CVE-2014-7935: Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab (bnc#914468).
- CVE-2014-7934: Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures (bnc#914468).
- CVE-2014-7937: Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data (bnc#914468).
- CVE-2014-7936: Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble (bnc#914468).
- CVE-2014-7930: Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data (bnc#914468).
- CVE-2014-7933: Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.
- CVE-2014-7932: Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements (bnc#914468).

Fixed bugs
CVE-CVE-2015-1209
CVE-CVE-2015-1205
CVE-CVE-2014-7948
CVE-CVE-2014-7940
CVE-CVE-2014-7941
CVE-CVE-2014-7942
CVE-CVE-2014-7943
CVE-CVE-2014-7944
CVE-CVE-2014-7945
CVE-CVE-2014-7946
CVE-CVE-2014-7947
CVE-CVE-2014-7928
CVE-CVE-2014-7929
CVE-CVE-2014-7926
CVE-CVE-2014-7927
CVE-CVE-2014-7924
CVE-CVE-2014-7925
CVE-CVE-2014-7923
CVE-CVE-2015-1211
CVE-CVE-2015-1210
CVE-CVE-2015-1212
CVE-CVE-2014-7939
CVE-CVE-2014-7938
CVE-CVE-2014-7935
CVE-CVE-2014-7934
CVE-CVE-2014-7937
CVE-CVE-2014-7936
CVE-CVE-2014-7930
CVE-CVE-2014-7933
CVE-CVE-2014-7932
bnc#916841
VUL-0: CVE-2015-1209: chromium-browser: Use-after-free in DOM
bnc#914468
VUL-0: chromium: January update 2015
bnc#916838
VUL-0: CVE-2015-1211: chromium-browser: Privilege escalation in service workers
bnc#916843
VUL-0: CVE-2015-1210: chromium-browser: cross-origin-bypass in V8 bindings
bnc#916840
VUL-0: CVE-2015-1212: chromium-browser: DoS or possibly other impact via unknown vectors.
Selected Binaries
openSUSE Build Service is sponsored by
Places