Security update for Chromium (important)

2016-07-25T15:08:48
ID OPENSUSE-SU-2016:1865-1
Type suse
Reporter Suse
Modified 2016-07-25T15:08:48

Description

Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901):

  • CVE-2016-1706: Sandbox escape in PPAPI
  • CVE-2016-1707: URL spoofing on iOS
  • CVE-2016-1708: Use-after-free in Extensions
  • CVE-2016-1709: Heap-buffer-overflow in sfntly
  • CVE-2016-1710: Same-origin bypass in Blink
  • CVE-2016-1711: Same-origin bypass in Blink
  • CVE-2016-5127: Use-after-free in Blink
  • CVE-2016-5128: Same-origin bypass in V8
  • CVE-2016-5129: Memory corruption in V8
  • CVE-2016-5130: URL spoofing
  • CVE-2016-5131: Use-after-free in libxml
  • CVE-2016-5132: Limited same-origin bypass in Service Workers
  • CVE-2016-5133: Origin confusion in proxy authentication
  • CVE-2016-5134: URL leakage via PAC script
  • CVE-2016-5135: Content-Security-Policy bypass
  • CVE-2016-5136: Use after free in extensions
  • CVE-2016-5137: History sniffing with HSTS and CSP
  • CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives