openSUSE Security Update : chromium (openSUSE-2019-205)

This update for Chromium to version 72.0.3626.96 fixes the following issues : Security issues fixed bsc1123641 and bsc1124936 : - CVE-2019-5784: Inappropriate implementation in V8 - CVE-2019-5754: Inappropriate implementation in QUIC Networking. - CVE-2019-5782: Inappropriate implementation in V8...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2019:0204-1 Rating: important References: 1123641 1124936 Cross-References: CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-57...

Critical: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

RHEL 6 : chromium-browser (RHSA-2019:0309)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0309 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 72.0.3626.81. Security Fixes:...

Google Chrome ServiceWorker Policy Enforcement Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. ServiceWorker is one of the background messaging components. A security vulnerability exists in ServiceWorker in versions of Google Chrome prior to 72.0.3626.81, which stems from the program failing to adequately...

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

[SECURITY] [DSA 4330-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4330-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 02, 2018 https://www.debian.org/security/faq -...

chromium-browser: Lack of limits on update() in ServiceWorker

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...

Security update for Chromium (important)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111: - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

Security update for Chromium (important)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111: - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

Unspecified Vulnerability in Google Chrome ServiceWorker (CNVD-2018-22391)

Google Chrome is the United States Google Google company developed a Web browser. ServiceWorker is one of the background messaging components. A security vulnerability exists in ServiceWorker in versions of Google Chrome prior to 70.0.3538.67. No details of the vulnerability are provided at this...

Google Chrome Security Updates (stable-channel-update-for-desktop-2018-10) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Security update for Chromium (important)

This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530: - CVE-2018-6153: Stack buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC -...

CVE-2018-6159

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2018-17046)

Google Chrome is a web browser developed by the American company Google Google. A same-origin policy bypass vulnerability exists in ServiceWorker in Google Chrome. An attacker can exploit the vulnerability to bypass security restrictions and perform unauthorized operations...

Google Chrome < 51.0.2704.63 Multiple Vulnerabilities

Binary data 9372.pasl...

openSUSE Security Update : Chromium (openSUSE-2016-682)

Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities : - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools ...

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

CVE-2016-1682

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy CSP protection mechanism via a ServiceWorker...

Design/Logic Flaw

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy CSP protection mechanism via a ServiceWorker...