Security update for Chromium (important)

ID OPENSUSE-SU-2018:3273-1
Type suse
Reporter Suse
Modified 2018-10-22T15:16:54


This update for Chromium to version 70.0.3538.67 fixes multiple issues.

Security issues fixed (bsc#1112111):

  • CVE-2018-17462: Sandbox escape in AppCache
  • CVE-2018-17463: Remote code execution in V8
  • Heap buffer overflow in Little CMS in PDFium
  • CVE-2018-17464: URL spoof in Omnibox
  • CVE-2018-17465: Use after free in V8
  • CVE-2018-17466: Memory corruption in Angle
  • CVE-2018-17467: URL spoof in Omnibox
  • CVE-2018-17468: Cross-origin URL disclosure in Blink
  • CVE-2018-17469: Heap buffer overflow in PDFium
  • CVE-2018-17470: Memory corruption in GPU Internals
  • CVE-2018-17471: Security UI occlusion in full screen mode
  • CVE-2018-17473: URL spoof in Omnibox
  • CVE-2018-17474: Use after free in Blink
  • CVE-2018-17475: URL spoof in Omnibox
  • CVE-2018-17476: Security UI occlusion in full screen mode
  • CVE-2018-5179: Lack of limits on update() in ServiceWorker
  • CVE-2018-17477: UI spoof in Extensions

VAAPI hardware accelerated rendering is now enabled by default.

This update contains the following packaging changes:

  • Use the system libusb-1.0 library
  • Use bundled harfbuzz library
  • Disable gnome-keyring to avoid crashes