Overview

File _patchinfo of Package patchinfo.8706

<patchinfo incident="8706">
  <issue tracker="bnc" id="1106341">VUL-1: CVE-2017-15430: chromium: Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed aremote attacker to bypass navigation restrictions via a crafted HTML page.</issue>
  <issue tracker="bnc" id="1107235">VUL-0: chromium:  69.0.3497.81 update</issue>
  <issue tracker="cve" id="2017-15430"/>
  <issue tracker="cve" id="2018-16073"/>
  <issue tracker="cve" id="2018-16070"/>
  <issue tracker="cve" id="2018-16071"/>
  <issue tracker="cve" id="2018-16076"/>
  <issue tracker="cve" id="2018-16077"/>
  <issue tracker="cve" id="2018-16074"/>
  <issue tracker="cve" id="2018-16075"/>
  <issue tracker="cve" id="2018-16069"/>
  <issue tracker="cve" id="2018-16066"/>
  <issue tracker="cve" id="2018-16078"/>
  <issue tracker="cve" id="2018-16079"/>
  <issue tracker="cve" id="2018-16083"/>
  <issue tracker="cve" id="2018-16082"/>
  <issue tracker="cve" id="2018-16081"/>
  <issue tracker="cve" id="2018-16080"/>
  <issue tracker="cve" id="2018-16067"/>
  <issue tracker="cve" id="2018-16068"/>
  <issue tracker="cve" id="2018-16065"/>
  <issue tracker="cve" id="2018-16085"/>
  <issue tracker="cve" id="2018-16084"/>
  <issue tracker="cve" id="2018-16086"/>
  <issue tracker="cve" id="2018-16087"/>
  <issue tracker="cve" id="2018-16088"/>
  <category>security</category>
  <rating>important</rating>
  <packager>scarabeus_iv</packager>
  <description>This update for Chromium to version 69.0.3497.81 fixes multiple issues.

Security issues fixed (boo#1107235):

- CVE-2018-16065: Out of bounds write in V8
- CVE-2018-16066:Out of bounds read in Blink
- CVE-2018-16067: Out of bounds read in WebAudio
- CVE-2018-16068: Out of bounds write in Mojo
- CVE-2018-16069:Out of bounds read in SwiftShader
- CVE-2018-16070: Integer overflow in Skia
- CVE-2018-16071: Use after free in WebRTC
- CVE-2018-16073: Site Isolation bypass after tab restore
- CVE-2018-16074: Site Isolation bypass using Blob URLS
- Out of bounds read in Little-CMS
- CVE-2018-16075: Local file access in Blink
- CVE-2018-16076: Out of bounds read in PDFium
- CVE-2018-16077: Content security policy bypass in Blink
- CVE-2018-16078: Credit card information leak in Autofill
- CVE-2018-16079: URL spoof in permission dialogs
- CVE-2018-16080: URL spoof in full screen mode
- CVE-2018-16081: Local file access in DevTools
- CVE-2018-16082: Stack buffer overflow in SwiftShader
- CVE-2018-16083: Out of bounds read in WebRTC
- CVE-2018-16084: User confirmation bypass in external protocol handling
- CVE-2018-16085: Use after free in Memory Instrumentation
- CVE-2017-15430: Unsafe navigation in Chromecast (boo#1106341)
- CVE-2018-16086: Script injection in New Tab Page
- CVE-2018-16087: Multiple download restriction bypass
- CVE-2018-16088: User gesture requirement bypass
    
The re2 regular expression library was updated to the current version 2018-09-01.
</description>
  <summary>Security update for chromium</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places