Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0748-1 Final 1 1 2015-04-21T15:14:52Z current 2015-04-21T15:14:52Z 2015-04-21T15:14:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to latest stable release 42.0.2311.90 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-1235: Cross-origin-bypass in HTML parser. * CVE-2015-1236: Cross-origin-bypass in Blink. * CVE-2015-1237: Use-after-free in IPC. * CVE-2015-1238: Out-of-bounds write in Skia. * CVE-2015-1240: Out-of-bounds read in WebGL. * CVE-2015-1241: Tap-Jacking. * CVE-2015-1242: Type confusion in V8. * CVE-2015-1244: HSTS bypass in WebSockets. * CVE-2015-1245: Use-after-free in PDFium. * CVE-2015-1246: Out-of-bounds read in Blink. * CVE-2015-1247: Scheme issues in OpenSearch. * CVE-2015-1248: SafeBrowsing bypass. * CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives. * CVE-2015-3333: Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14). * CVE-2015-3336: fullscreen and UI locking without user confirmeation * CVE-2015-3335: unspecified impact of crafed programs running in NaCl sandbox * CVE-2015-3334: 'Media: Allowed by you' sometimes not shown in a permissions table New functionality added: * A number of new apps, extension and Web Platform APIs (including the Push API!) * Lots of under the hood changes for stability and performance The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html E-Mail link for openSUSE-SU-2015:0748-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings chromedriver-42.0.2311.90-78.2 chromium-42.0.2311.90-78.2 chromium-desktop-gnome-42.0.2311.90-78.2 chromium-desktop-kde-42.0.2311.90-78.2 chromium-ffmpegsumo-42.0.2311.90-78.2 The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. CVE-2015-1235 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1235.html CVE-2015-1235 https://bugzilla.suse.com/927302 SUSE Bug 927302 The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. CVE-2015-1236 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1236.html CVE-2015-1236 https://bugzilla.suse.com/927302 SUSE Bug 927302 Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation. CVE-2015-1237 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1237.html CVE-2015-1237 https://bugzilla.suse.com/927302 SUSE Bug 927302 Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. CVE-2015-1238 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1238.html CVE-2015-1238 https://bugzilla.suse.com/927302 SUSE Bug 927302 gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency. CVE-2015-1240 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1240.html CVE-2015-1240 https://bugzilla.suse.com/927302 SUSE Bug 927302 Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. CVE-2015-1241 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1241.html CVE-2015-1241 https://bugzilla.suse.com/927302 SUSE Bug 927302 The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization. CVE-2015-1242 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1242.html CVE-2015-1242 https://bugzilla.suse.com/927302 SUSE Bug 927302 The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic. CVE-2015-1244 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1244.html CVE-2015-1244 https://bugzilla.suse.com/927302 SUSE Bug 927302 Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association. CVE-2015-1245 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1245.html CVE-2015-1245 https://bugzilla.suse.com/927302 SUSE Bug 927302 Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2015-1246 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1246.html CVE-2015-1246 https://bugzilla.suse.com/927302 SUSE Bug 927302 The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site. CVE-2015-1247 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1247.html CVE-2015-1247 https://bugzilla.suse.com/927302 SUSE Bug 927302 The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL. CVE-2015-1248 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1248.html CVE-2015-1248 https://bugzilla.suse.com/927302 SUSE Bug 927302 Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2015-1249 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-1249.html CVE-2015-1249 https://bugzilla.suse.com/927302 SUSE Bug 927302 Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2015-3333 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-3333.html CVE-2015-3333 https://bugzilla.suse.com/927302 SUSE Bug 927302 browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. CVE-2015-3334 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-3334.html CVE-2015-3334 https://bugzilla.suse.com/927302 SUSE Bug 927302 The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox. CVE-2015-3335 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-3335.html CVE-2015-3335 https://bugzilla.suse.com/927302 SUSE Bug 927302 Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. CVE-2015-3336 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html https://www.suse.com/security/cve/CVE-2015-3336.html CVE-2015-3336 https://bugzilla.suse.com/927302 SUSE Bug 927302