An update that fixes 21 vulnerabilities is now available.
Description:
This update for chromium, re2 fixes the following issues:
Chromium was updated to 78.0.3904.70 boo#1154806:
- CVE-2019-13699: Use-after-free in media
- CVE-2019-13700: Buffer overrun in Blink
- CVE-2019-13701: URL spoof in navigation
- CVE-2019-13702: Privilege elevation in Installer
- CVE-2019-13703: URL bar spoofing
- CVE-2019-13704: CSP bypass
- CVE-2019-13705: Extension permission bypass
- CVE-2019-13706: Out-of-bounds read in PDFium
- CVE-2019-13707: File storage disclosure
- CVE-2019-13708: HTTP authentication spoof
- CVE-2019-13709: File download protection bypass
- CVE-2019-13710: File download protection bypass
- CVE-2019-13711: Cross-context information leak
- CVE-2019-15903: Buffer overflow in expat
- CVE-2019-13713: Cross-origin data leak
- CVE-2019-13714: CSS injection
- CVE-2019-13715: Address bar spoofing
- CVE-2019-13716: Service worker state error
- CVE-2019-13717: Notification obscured
- CVE-2019-13718: IDN spoof
- CVE-2019-13719: Notification obscured
- Various fixes from internal audits, fuzzing and other initiatives
- Use internal resources for icon and appdata
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: