Security update for Chromium (important)

ID OPENSUSE-SU-2016:1496-1
Type suse
Reporter Suse
Modified 2016-06-05T16:07:48


Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities:

  • CVE-2016-1696: Cross-origin bypass in Extension bindings
  • CVE-2016-1697: Cross-origin bypass in Blink
  • CVE-2016-1698: Information leak in Extension bindings
  • CVE-2016-1699: Parameter sanitization failure in DevTools
  • CVE-2016-1700: Use-after-free in Extensions
  • CVE-2016-1701: Use-after-free in Autofill
  • CVE-2016-1702: Out-of-bounds read in Skia
  • CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives

Also includes vulnerabilities fixed in 51.0.2704.63 (boo#981886):

  • CVE-2016-1672: Cross-origin bypass in extension bindings
  • CVE-2016-1673: Cross-origin bypass in Blink
  • CVE-2016-1674: Cross-origin bypass in extensions
  • CVE-2016-1675: Cross-origin bypass in Blink
  • CVE-2016-1676: Cross-origin bypass in extension bindings
  • CVE-2016-1677: Type confusion in V8
  • CVE-2016-1678: Heap overflow in V8
  • CVE-2016-1679: Heap use-after-free in V8 bindings
  • CVE-2016-1680: Heap use-after-free in Skia
  • CVE-2016-1681: Heap overflow in PDFium
  • CVE-2016-1682: CSP bypass for ServiceWorker
  • CVE-2016-1683: Out-of-bounds access in libxslt
  • CVE-2016-1684: Integer overflow in libxslt
  • CVE-2016-1685: Out-of-bounds read in PDFium
  • CVE-2016-1686: Out-of-bounds read in PDFium
  • CVE-2016-1687: Information leak in extensions
  • CVE-2016-1688: Out-of-bounds read in V8
  • CVE-2016-1689: Heap buffer overflow in media
  • CVE-2016-1690: Heap use-after-free in Autofill
  • CVE-2016-1691: Heap buffer-overflow in Skia
  • CVE-2016-1692: Limited cross-origin bypass in ServiceWorker
  • CVE-2016-1693: HTTP Download of Software Removal Tool
  • CVE-2016-1694: HPKP pins removed on cache clearance
  • CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives