Overview

File _patchinfo of Package patchinfo.11406

<patchinfo incident="11406">
  <issue tracker="bnc" id="1151229">VUL-0: CVE-2019-13685,CVE-2019-13686,CVE-2019-13687,CVE-2019-13688: chromium: multiple use-after-free issues fixed in 77.0.3865.90</issue>
  <issue tracker="bnc" id="1153660">VUL-0: chromium: multiple security issues fixed in 77.0.3865.120</issue>
  <issue tracker="bnc" id="1149143">VUL-0: CVE-2019-5869: chromium: Use-after-free in Blink</issue>
  <issue tracker="bnc" id="1145242">VUL-0: chromium: multiple security issues fixed in 76.0.3809.100</issue>
  <issue tracker="bnc" id="1144625">chromium: Can't open some HTTPS sites (NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)</issue>
  <issue tracker="bnc" id="1150425">VUL-0: chromium: multiple security issues fixed in 77.0.3865.75</issue>
  <issue tracker="bnc" id="1143492">VUL-0: chromium: multiple security issues fixed in 76.0.3809.87</issue>
  <issue tracker="bnc" id="1154806">VUL-0: chromium: multiple security issues fixed in 78.0.3904.70</issue>
  <issue tracker="bnc" id="1155643">VUL-0: chromium: multiple security issues fixed in 78.0.3904.87</issue>
  <issue tracker="bnc" id="1146219">network:chromium/chromium: Bug - No video playback on Intel Kaby Lake and later</issue>
  <issue tracker="cve" id="2019-13693"/>
  <issue tracker="cve" id="2019-13699"/>
  <issue tracker="cve" id="2019-13721"/>
  <issue tracker="cve" id="2019-15903"/>
  <issue tracker="cve" id="2019-5850"/>
  <issue tracker="cve" id="2019-13688"/>
  <issue tracker="cve" id="2019-13681"/>
  <issue tracker="cve" id="2019-13675"/>
  <issue tracker="cve" id="2019-13671"/>
  <issue tracker="cve" id="2019-13718"/>
  <issue tracker="cve" id="2019-13719"/>
  <issue tracker="cve" id="2019-13695"/>
  <issue tracker="cve" id="2019-13687"/>
  <issue tracker="cve" id="2019-5851"/>
  <issue tracker="cve" id="2019-5875"/>
  <issue tracker="cve" id="2019-13715"/>
  <issue tracker="cve" id="2019-13696"/>
  <issue tracker="cve" id="2019-5856"/>
  <issue tracker="cve" id="2019-13686"/>
  <issue tracker="cve" id="2019-13664"/>
  <issue tracker="cve" id="2019-13668"/>
  <issue tracker="cve" id="2019-5879"/>
  <issue tracker="cve" id="2019-13716"/>
  <issue tracker="cve" id="2019-13660"/>
  <issue tracker="cve" id="2019-13659"/>
  <issue tracker="cve" id="2019-5871"/>
  <issue tracker="cve" id="2019-13709"/>
  <issue tracker="cve" id="2019-13669"/>
  <issue tracker="cve" id="2019-5864"/>
  <issue tracker="cve" id="2019-13676"/>
  <issue tracker="cve" id="2019-13714"/>
  <issue tracker="cve" id="2019-13717"/>
  <issue tracker="cve" id="2019-13704"/>
  <issue tracker="cve" id="2019-5852"/>
  <issue tracker="cve" id="2019-13682"/>
  <issue tracker="cve" id="2019-5853"/>
  <issue tracker="cve" id="2019-5867"/>
  <issue tracker="cve" id="2019-5881"/>
  <issue tracker="cve" id="2019-13670"/>
  <issue tracker="cve" id="2019-13706"/>
  <issue tracker="cve" id="2019-5870"/>
  <issue tracker="cve" id="2019-13705"/>
  <issue tracker="cve" id="2019-5880"/>
  <issue tracker="cve" id="2019-5874"/>
  <issue tracker="cve" id="2019-5858"/>
  <issue tracker="cve" id="2019-13710"/>
  <issue tracker="cve" id="2019-5877"/>
  <issue tracker="cve" id="2019-5860"/>
  <issue tracker="cve" id="2019-5878"/>
  <issue tracker="cve" id="2019-13674"/>
  <issue tracker="cve" id="2019-5868"/>
  <issue tracker="cve" id="2019-13683"/>
  <issue tracker="cve" id="2019-5859"/>
  <issue tracker="cve" id="2019-13673"/>
  <issue tracker="cve" id="2019-13667"/>
  <issue tracker="cve" id="2019-13694"/>
  <issue tracker="cve" id="2019-5857"/>
  <issue tracker="cve" id="2019-13703"/>
  <issue tracker="cve" id="2019-13680"/>
  <issue tracker="cve" id="2019-5872"/>
  <issue tracker="cve" id="2019-13713"/>
  <issue tracker="cve" id="2019-13707"/>
  <issue tracker="cve" id="2019-13665"/>
  <issue tracker="cve" id="2019-13661"/>
  <issue tracker="cve" id="2019-13708"/>
  <issue tracker="cve" id="2019-13702"/>
  <issue tracker="cve" id="2019-13711"/>
  <issue tracker="cve" id="2019-5861"/>
  <issue tracker="cve" id="2019-13697"/>
  <issue tracker="cve" id="2019-5862"/>
  <issue tracker="cve" id="2019-13701"/>
  <issue tracker="cve" id="2019-5869"/>
  <issue tracker="cve" id="2019-13677"/>
  <issue tracker="cve" id="2019-13663"/>
  <issue tracker="cve" id="2019-5876"/>
  <issue tracker="cve" id="2019-5855"/>
  <issue tracker="cve" id="2019-5863"/>
  <issue tracker="cve" id="2019-13720"/>
  <issue tracker="cve" id="2019-13679"/>
  <issue tracker="cve" id="2019-5865"/>
  <issue tracker="cve" id="2019-13678"/>
  <issue tracker="cve" id="2019-13700"/>
  <issue tracker="cve" id="2019-13685"/>
  <issue tracker="cve" id="2019-13666"/>
  <issue tracker="cve" id="2019-5854"/>
  <issue tracker="cve" id="2019-13662"/>
  <packager>scarabeus_iv</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for chromium</summary>
  <description>This update for chromium fixes the following issues:
	  
Chromium was updated to 78.0.3904.87: 
(boo#1155643,boo#1154806,boo#1153660, boo#1151229,boo#1149143,boo#1145242,boo#1143492)

Security issues fixed with this version update: 

  * CVE-2019-13721: Use-after-free in PDFium
  * CVE-2019-13720: Use-after-free in audio
  * CVE-2019-13699: Use-after-free in media
  * CVE-2019-13700: Buffer overrun in Blink
  * CVE-2019-13701: URL spoof in navigation
  * CVE-2019-13702: Privilege elevation in Installer
  * CVE-2019-13703: URL bar spoofing
  * CVE-2019-13704: CSP bypass
  * CVE-2019-13705: Extension permission bypass
  * CVE-2019-13706: Out-of-bounds read in PDFium
  * CVE-2019-13707: File storage disclosure
  * CVE-2019-13708: HTTP authentication spoof
  * CVE-2019-13709: File download protection bypass
  * CVE-2019-13710: File download protection bypass
  * CVE-2019-13711: Cross-context information leak
  * CVE-2019-15903: Buffer overflow in expat
  * CVE-2019-13713: Cross-origin data leak
  * CVE-2019-13714: CSS injection
  * CVE-2019-13715: Address bar spoofing
  * CVE-2019-13716: Service worker state error
  * CVE-2019-13717: Notification obscured
  * CVE-2019-13718: IDN spoof
  * CVE-2019-13719: Notification obscured
  * CVE-2019-13693: Use-after-free in IndexedDB
  * CVE-2019-13694: Use-after-free in WebRTC
  * CVE-2019-13695: Use-after-free in audio
  * CVE-2019-13696: Use-after-free in V8
  * CVE-2019-13697: Cross-origin size leak. 
  * CVE-2019-13685: Use-after-free in UI
  * CVE-2019-13688: Use-after-free in media
  * CVE-2019-13687: Use-after-free in media
  * CVE-2019-13686: Use-after-free in offline pages
  * CVE-2019-5870: Use-after-free in media
  * CVE-2019-5871: Heap overflow in Skia
  * CVE-2019-5872: Use-after-free in Mojo
  * CVE-2019-5874: External URIs may trigger other browsers
  * CVE-2019-5875: URL bar spoof via download redirect
  * CVE-2019-5876: Use-after-free in media
  * CVE-2019-5877: Out-of-bounds access in V8
  * CVE-2019-5878: Use-after-free in V8
  * CVE-2019-5879: Extension can bypass same origin policy
  * CVE-2019-5880: SameSite cookie bypass
  * CVE-2019-5881: Arbitrary read in SwiftShader
  * CVE-2019-13659: URL spoof
  * CVE-2019-13660: Full screen notification overlap
  * CVE-2019-13661: Full screen notification spoof
  * CVE-2019-13662: CSP bypass
  * CVE-2019-13663: IDN spoof
  * CVE-2019-13664: CSRF bypass
  * CVE-2019-13665: Multiple file download protection bypass
  * CVE-2019-13666: Side channel using storage size estimate
  * CVE-2019-13667: URI bar spoof when using external app URIs
  * CVE-2019-13668: Global window leak via console
  * CVE-2019-13669: HTTP authentication spoof
  * CVE-2019-13670: V8 memory corruption in regex
  * CVE-2019-13671: Dialog box fails to show origin
  * CVE-2019-13673: Cross-origin information leak using devtools
  * CVE-2019-13674: IDN spoofing
  * CVE-2019-13675: Extensions can be disabled by trailing slash
  * CVE-2019-13676: Google URI shown for certificate warning
  * CVE-2019-13677: Chrome web store origin needs to be isolated
  * CVE-2019-13678: Download dialog spoofing
  * CVE-2019-13679: User gesture needed for printing
  * CVE-2019-13680: IP address spoofing to servers
  * CVE-2019-13681: Bypass on download restrictions
  * CVE-2019-13682: Site isolation bypass
  * CVE-2019-13683: Exceptions leaked by devtools
  * CVE-2019-5869: Use-after-free in Blink
  * CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
  * CVE-2019-5867: Out-of-bounds read in V8
  * CVE-2019-5850: Use-after-free in offline page fetcher
  * CVE-2019-5860: Use-after-free in PDFium
  * CVE-2019-5853: Memory corruption in regexp length check
  * CVE-2019-5851: Use-after-poison in offline audio context
  * CVE-2019-5859: res: URIs can load alternative browsers
  * CVE-2019-5856: Insufficient checks on filesystem: URI permissions
  * CVE-2019-5855: Integer overflow in PDFium
  * CVE-2019-5865: Site isolation bypass from compromised renderer
  * CVE-2019-5858: Insufficient filtering of Open URL service parameters
  * CVE-2019-5864: Insufficient port filtering in CORS for extensions
  * CVE-2019-5862: AppCache not robust to compromised renderers
  * CVE-2019-5861: Click location incorrectly checked
  * CVE-2019-5857: Comparison of -0 and null yields crash
  * CVE-2019-5854: Integer overflow in PDFium text rendering
  * CVE-2019-5852: Object leak of utility functions
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places