Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1872-1 Final 1 1 2015-06-24T14:07:17Z current 2015-06-24T14:07:17Z 2015-06-24T14:07:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium chromium was updated to 43.0.2357.130 to fix several security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-1266: Scheme validation error in WebUI * CVE-2015-1268: Cross-origin bypass in Blink * CVE-2015-1267: Cross-origin bypass in Blink * CVE-2015-1269: Normalization error in HSTS/HPKP preload list * boo#935022: Prevent Chromium from downloading a binary blob for speech recognition Contains the following non-security changes: * resolved browser font magnification/scaling issue. * Fixed an issue where sometimes a blank page would print * Icons not displaying properly on Linux The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html E-Mail link for openSUSE-SU-2015:1872-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings chromedriver-43.0.2357.130-89.1 chromium-43.0.2357.130-89.1 chromium-desktop-gnome-43.0.2357.130-89.1 chromium-desktop-kde-43.0.2357.130-89.1 chromium-ffmpegsumo-43.0.2357.130-89.1 content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests. CVE-2015-1266 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html https://www.suse.com/security/cve/CVE-2015-1266.html CVE-2015-1266 https://bugzilla.suse.com/935723 SUSE Bug 935723 Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp. CVE-2015-1267 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html https://www.suse.com/security/cve/CVE-2015-1267.html CVE-2015-1267 https://bugzilla.suse.com/935723 SUSE Bug 935723 bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL. CVE-2015-1268 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html https://www.suse.com/security/cve/CVE-2015-1268.html CVE-2015-1268 https://bugzilla.suse.com/935723 SUSE Bug 935723 The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase. CVE-2015-1269 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html https://www.suse.com/security/cve/CVE-2015-1269.html CVE-2015-1269 https://bugzilla.suse.com/935723 SUSE Bug 935723