Overview

File _patchinfo of Package patchinfo.11374

<patchinfo incident="11374">
  <issue tracker="bnc" id="1154806">VUL-0: chromium: multiple security issues fixed in 78.0.3904.70</issue>
  <issue tracker="cve" id="2019-13718"/>
  <issue tracker="cve" id="2019-13699"/>
  <issue tracker="cve" id="2019-13716"/>
  <issue tracker="cve" id="2019-15903"/>
  <issue tracker="cve" id="2019-13714"/>
  <issue tracker="cve" id="2019-13711"/>
  <issue tracker="cve" id="2019-13710"/>
  <issue tracker="cve" id="2019-13715"/>
  <issue tracker="cve" id="2019-13717"/>
  <issue tracker="cve" id="2019-13719"/>
  <issue tracker="cve" id="2019-13713"/>
  <issue tracker="cve" id="2019-13708"/>
  <issue tracker="cve" id="2019-13709"/>
  <issue tracker="cve" id="2019-13706"/>
  <issue tracker="cve" id="2019-13707"/>
  <issue tracker="cve" id="2019-13704"/>
  <issue tracker="cve" id="2019-13705"/>
  <issue tracker="cve" id="2019-13702"/>
  <issue tracker="cve" id="2019-13703"/>
  <issue tracker="cve" id="2019-13700"/>
  <issue tracker="cve" id="2019-13701"/>
  <category>security</category>
  <rating>important</rating>
  <packager>AndreasStieger</packager>
  <description>This update for chromium, re2 fixes the following issues:

Chromium was updated to 78.0.3904.70 boo#1154806:

* CVE-2019-13699: Use-after-free in media
* CVE-2019-13700: Buffer overrun in Blink
* CVE-2019-13701: URL spoof in navigation
* CVE-2019-13702: Privilege elevation in Installer
* CVE-2019-13703: URL bar spoofing
* CVE-2019-13704: CSP bypass
* CVE-2019-13705: Extension permission bypass
* CVE-2019-13706: Out-of-bounds read in PDFium
* CVE-2019-13707: File storage disclosure
* CVE-2019-13708: HTTP authentication spoof
* CVE-2019-13709: File download protection bypass
* CVE-2019-13710: File download protection bypass
* CVE-2019-13711: Cross-context information leak
* CVE-2019-15903: Buffer overflow in expat
* CVE-2019-13713: Cross-origin data leak
* CVE-2019-13714: CSS injection
* CVE-2019-13715: Address bar spoofing
* CVE-2019-13716: Service worker state error
* CVE-2019-13717: Notification obscured
* CVE-2019-13718: IDN spoof
* CVE-2019-13719: Notification obscured
* Various fixes from internal audits, fuzzing and other initiatives

- Use internal resources for icon and appdata

</description>
  <summary>Security update for chromium, re2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places