Recommended update for chromium (important)

2016-09-15T03:08:51
ID OPENSUSE-SU-2016:2309-1
Type suse
Reporter Suse
Modified 2016-09-15T03:08:51

Description

Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs.

The following vulnerabilities were fixed:

  • CVE-2016-5170: Use after free in Blink
  • CVE-2016-5171: Use after free in Blink
  • CVE-2016-5172: Arbitrary Memory Read in v8
  • CVE-2016-5173: Extension resource access
  • CVE-2016-5174: Popup not correctly suppressed
  • CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives.

The following upstream fixes are included:

  • SPDY crasher fixes
  • Disable NV12 DXGI video on AMD
  • Forward --password-store switch to os_crypt
  • Tell the kernel to discard USB requests when they time out.
  • disallow WKBackForwardListItem navigations for pushState pages
  • arc: bluetooth: Fix advertised uuid
  • fix conflicting PendingIntent for stop button and swipe away

The widevine plugin was re-enabled (boo#998328).