Security update for chromium, re2 (important)

An update that fixes 21 vulnerabilities is now available.

Description:

This update for chromium, re2 fixes the following issues:

Chromium was updated to 78.0.3904.70 boo#1154806:

• CVE-2019-13699: Use-after-free in media
• CVE-2019-13700: Buffer overrun in Blink
• CVE-2019-13701: URL spoof in navigation
• CVE-2019-13702: Privilege elevation in Installer
• CVE-2019-13703: URL bar spoofing
• CVE-2019-13704: CSP bypass
• CVE-2019-13705: Extension permission bypass
• CVE-2019-13706: Out-of-bounds read in PDFium
• CVE-2019-13707: File storage disclosure
• CVE-2019-13708: HTTP authentication spoof
• CVE-2019-13709: File download protection bypass
• CVE-2019-13710: File download protection bypass
• CVE-2019-13711: Cross-context information leak
• CVE-2019-15903: Buffer overflow in expat
• CVE-2019-13713: Cross-origin data leak
• CVE-2019-13714: CSS injection
• CVE-2019-13715: Address bar spoofing
• CVE-2019-13716: Service worker state error
• CVE-2019-13717: Notification obscured
• CVE-2019-13718: IDN spoof
• CVE-2019-13719: Notification obscured
• Various fixes from internal audits, fuzzing and other initiatives

• Use internal resources for icon and appdata

This update was imported from the openSUSE:Leap:15.0:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Backports SLE-15:

  zypper in -t patch openSUSE-2019-2424=1