Security update for chromium (important)

2017-07-28T18:07:38
ID OPENSUSE-SU-2017:1993-1
Type suse
Reporter Suse
Modified 2017-07-28T18:07:38

Description

This update Chromium to version 60.0.3112.78 fixes security issue and bugs.

The following security issues were fixed:

 * CVE-2017-5091: Use after free in IndexedDB
 * CVE-2017-5092: Use after free in PPAPI
 * CVE-2017-5093: UI spoofing in Blink
 * CVE-2017-5094: Type confusion in extensions
 * CVE-2017-5095: Out-of-bounds write in PDFium
 * CVE-2017-5096: User information leak via Android intents
 * CVE-2017-5097: Out-of-bounds read in Skia
 * CVE-2017-5098: Use after free in V8
 * CVE-2017-5099: Out-of-bounds write in PPAPI
 * CVE-2017-5100: Use after free in Chrome Apps
 * CVE-2017-5101: URL spoofing in OmniBox
 * CVE-2017-5102: Uninitialized use in Skia
 * CVE-2017-5103: Uninitialized use in Skia
 * CVE-2017-5104: UI spoofing in browser
 * CVE-2017-7000: Pointer disclosure in SQLite
 * CVE-2017-5105: URL spoofing in OmniBox
 * CVE-2017-5106: URL spoofing in OmniBox
 * CVE-2017-5107: User information leak via SVG
 * CVE-2017-5108: Type confusion in PDFium
 * CVE-2017-5109: UI spoofing in browser
 * CVE-2017-5110: UI spoofing in payments dialog
 * Various fixes from internal audits, fuzzing and other initiatives

A number of upstream bugfixes are also included in this release.