Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1666-1 Final 1 1 2019-06-28T12:43:15Z current 2019-06-28T12:43:15Z 2019-06-28T12:43:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287): * CVE-2019-5842: Use-after-free in Blink. Also updated to 75.0.3770.80 boo#1137332: * CVE-2019-5828: Use after free in ServiceWorker * CVE-2019-5829: Use after free in Download Manager * CVE-2019-5830: Incorrectly credentialed requests in CORS * CVE-2019-5831: Incorrect map processing in V8 * CVE-2019-5832: Incorrect CORS handling in XHR * CVE-2019-5833: Inconsistent security UI placemen * CVE-2019-5835: Out of bounds read in Swiftshader * CVE-2019-5836: Heap buffer overflow in Angle * CVE-2019-5837: Cross-origin resources size disclosure in Appcache * CVE-2019-5838: Overly permissive tab access in Extensions * CVE-2019-5839: Incorrect handling of certain code points in Blink * CVE-2019-5840: Popup blocker bypass * Various fixes from internal audits, fuzzing and other initiatives * CVE-2019-5834: URL spoof in Omnibox on iOS Update to 74.0.3729.169: * Feature fixes update only Update to 74.0.3729.157: * Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218): * CVE-2019-5827: Out-of-bounds access in SQLite * CVE-2019-5824: Parameter passing error in media player Update to 74.0.3729.108 boo#1133313: * CVE-2019-5805: Use after free in PDFium * CVE-2019-5806: Integer overflow in Angle * CVE-2019-5807: Memory corruption in V8 * CVE-2019-5808: Use after free in Blink * CVE-2019-5809: Use after free in Blink * CVE-2019-5810: User information disclosure in Autofill * CVE-2019-5811: CORS bypass in Blink * CVE-2019-5813: Out of bounds read in V8 * CVE-2019-5814: CORS bypass in Blink * CVE-2019-5815: Heap buffer overflow in Blink * CVE-2019-5818: Uninitialized value in media reader * CVE-2019-5819: Incorrect escaping in developer tools * CVE-2019-5820: Integer overflow in PDFium * CVE-2019-5821: Integer overflow in PDFium * CVE-2019-5822: CORS bypass in download manager * CVE-2019-5823: Forced navigation from service worker * CVE-2019-5812: URL spoof in Omnibox on iOS * CVE-2019-5816: Exploit persistence extension on Android * CVE-2019-5817: Heap buffer overflow in Angle on Windows Update to 73.0.3686.103: * Various feature fixes Update to 73.0.3683.86: * Just feature fixes around - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Update to 73.0.3683.75 boo#1129059: * CVE-2019-5787: Use after free in Canvas. * CVE-2019-5788: Use after free in FileAPI. * CVE-2019-5789: Use after free in WebMIDI. * CVE-2019-5790: Heap buffer overflow in V8. * CVE-2019-5791: Type confusion in V8. * CVE-2019-5792: Integer overflow in PDFium. * CVE-2019-5793: Excessive permissions for private API in Extensions. * CVE-2019-5794: Security UI spoofing. * CVE-2019-5795: Integer overflow in PDFium. * CVE-2019-5796: Race condition in Extensions. * CVE-2019-5797: Race condition in DOMStorage. * CVE-2019-5798: Out of bounds read in Skia. * CVE-2019-5799: CSP bypass with blob URL. * CVE-2019-5800: CSP bypass with blob URL. * CVE-2019-5801: Incorrect Omnibox display on iOS. * CVE-2019-5802: Security UI spoofing. * CVE-2019-5803: CSP bypass with Javascript URLs'. * CVE-2019-5804: Command line command injection on Windows. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1666 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV E-Mail link for openSUSE-SU-2019:1666-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1129059 SUSE Bug 1129059 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 https://bugzilla.suse.com/1134218 SUSE Bug 1134218 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 https://bugzilla.suse.com/1138287 SUSE Bug 1138287 https://www.suse.com/security/cve/CVE-2019-5787/ SUSE CVE CVE-2019-5787 page https://www.suse.com/security/cve/CVE-2019-5788/ SUSE CVE CVE-2019-5788 page https://www.suse.com/security/cve/CVE-2019-5789/ SUSE CVE CVE-2019-5789 page https://www.suse.com/security/cve/CVE-2019-5790/ SUSE CVE CVE-2019-5790 page https://www.suse.com/security/cve/CVE-2019-5791/ SUSE CVE CVE-2019-5791 page https://www.suse.com/security/cve/CVE-2019-5792/ SUSE CVE CVE-2019-5792 page https://www.suse.com/security/cve/CVE-2019-5793/ SUSE CVE CVE-2019-5793 page https://www.suse.com/security/cve/CVE-2019-5794/ SUSE CVE CVE-2019-5794 page https://www.suse.com/security/cve/CVE-2019-5795/ SUSE CVE CVE-2019-5795 page https://www.suse.com/security/cve/CVE-2019-5796/ SUSE CVE CVE-2019-5796 page https://www.suse.com/security/cve/CVE-2019-5797/ SUSE CVE CVE-2019-5797 page https://www.suse.com/security/cve/CVE-2019-5798/ SUSE CVE CVE-2019-5798 page https://www.suse.com/security/cve/CVE-2019-5799/ SUSE CVE CVE-2019-5799 page https://www.suse.com/security/cve/CVE-2019-5800/ SUSE CVE CVE-2019-5800 page https://www.suse.com/security/cve/CVE-2019-5801/ SUSE CVE CVE-2019-5801 page https://www.suse.com/security/cve/CVE-2019-5802/ SUSE CVE CVE-2019-5802 page https://www.suse.com/security/cve/CVE-2019-5803/ SUSE CVE CVE-2019-5803 page https://www.suse.com/security/cve/CVE-2019-5804/ SUSE CVE CVE-2019-5804 page https://www.suse.com/security/cve/CVE-2019-5805/ SUSE CVE CVE-2019-5805 page https://www.suse.com/security/cve/CVE-2019-5806/ SUSE CVE CVE-2019-5806 page https://www.suse.com/security/cve/CVE-2019-5807/ SUSE CVE CVE-2019-5807 page https://www.suse.com/security/cve/CVE-2019-5808/ SUSE CVE CVE-2019-5808 page https://www.suse.com/security/cve/CVE-2019-5809/ SUSE CVE CVE-2019-5809 page https://www.suse.com/security/cve/CVE-2019-5810/ SUSE CVE CVE-2019-5810 page https://www.suse.com/security/cve/CVE-2019-5811/ SUSE CVE CVE-2019-5811 page https://www.suse.com/security/cve/CVE-2019-5812/ SUSE CVE CVE-2019-5812 page https://www.suse.com/security/cve/CVE-2019-5813/ SUSE CVE CVE-2019-5813 page https://www.suse.com/security/cve/CVE-2019-5814/ SUSE CVE CVE-2019-5814 page https://www.suse.com/security/cve/CVE-2019-5815/ SUSE CVE CVE-2019-5815 page https://www.suse.com/security/cve/CVE-2019-5816/ SUSE CVE CVE-2019-5816 page https://www.suse.com/security/cve/CVE-2019-5817/ SUSE CVE CVE-2019-5817 page https://www.suse.com/security/cve/CVE-2019-5818/ SUSE CVE CVE-2019-5818 page https://www.suse.com/security/cve/CVE-2019-5819/ SUSE CVE CVE-2019-5819 page https://www.suse.com/security/cve/CVE-2019-5820/ SUSE CVE CVE-2019-5820 page https://www.suse.com/security/cve/CVE-2019-5821/ SUSE CVE CVE-2019-5821 page https://www.suse.com/security/cve/CVE-2019-5822/ SUSE CVE CVE-2019-5822 page https://www.suse.com/security/cve/CVE-2019-5823/ SUSE CVE CVE-2019-5823 page https://www.suse.com/security/cve/CVE-2019-5824/ SUSE CVE CVE-2019-5824 page https://www.suse.com/security/cve/CVE-2019-5827/ SUSE CVE CVE-2019-5827 page https://www.suse.com/security/cve/CVE-2019-5828/ SUSE CVE CVE-2019-5828 page https://www.suse.com/security/cve/CVE-2019-5829/ SUSE CVE CVE-2019-5829 page https://www.suse.com/security/cve/CVE-2019-5830/ SUSE CVE CVE-2019-5830 page https://www.suse.com/security/cve/CVE-2019-5831/ SUSE CVE CVE-2019-5831 page https://www.suse.com/security/cve/CVE-2019-5832/ SUSE CVE CVE-2019-5832 page https://www.suse.com/security/cve/CVE-2019-5833/ SUSE CVE CVE-2019-5833 page https://www.suse.com/security/cve/CVE-2019-5834/ SUSE CVE CVE-2019-5834 page https://www.suse.com/security/cve/CVE-2019-5835/ SUSE CVE CVE-2019-5835 page https://www.suse.com/security/cve/CVE-2019-5836/ SUSE CVE CVE-2019-5836 page https://www.suse.com/security/cve/CVE-2019-5837/ SUSE CVE CVE-2019-5837 page https://www.suse.com/security/cve/CVE-2019-5838/ SUSE CVE CVE-2019-5838 page https://www.suse.com/security/cve/CVE-2019-5839/ SUSE CVE CVE-2019-5839 page https://www.suse.com/security/cve/CVE-2019-5840/ SUSE CVE CVE-2019-5840 page https://www.suse.com/security/cve/CVE-2019-5842/ SUSE CVE CVE-2019-5842 page SUSE Package Hub 12 SP3 SUSE Package Hub 15 openSUSE Leap 15.0 openSUSE Leap 15.1 chromedriver-75.0.3770.90-bp150.213.3 chromium-75.0.3770.90-bp150.213.3 chromedriver-75.0.3770.90-bp150.213.3 as a component of SUSE Package Hub 12 SP3 chromium-75.0.3770.90-bp150.213.3 as a component of SUSE Package Hub 12 SP3 chromedriver-75.0.3770.90-bp150.213.3 as a component of SUSE Package Hub 15 chromium-75.0.3770.90-bp150.213.3 as a component of SUSE Package Hub 15 chromedriver-75.0.3770.90-bp150.213.3 as a component of openSUSE Leap 15.0 chromium-75.0.3770.90-bp150.213.3 as a component of openSUSE Leap 15.0 chromedriver-75.0.3770.90-bp150.213.3 as a component of openSUSE Leap 15.1 chromium-75.0.3770.90-bp150.213.3 as a component of openSUSE Leap 15.1 Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5787 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5787.html CVE-2019-5787 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. CVE-2019-5788 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5788.html CVE-2019-5788 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. CVE-2019-5789 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5789.html CVE-2019-5789 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2019-5790 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5790.html CVE-2019-5790 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2019-5791 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5791.html CVE-2019-5791 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. CVE-2019-5792 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5792.html CVE-2019-5792 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. CVE-2019-5793 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5793.html CVE-2019-5793 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5794 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5794.html CVE-2019-5794 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. CVE-2019-5795 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5795.html CVE-2019-5795 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5796 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5796.html CVE-2019-5796 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5797 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5797.html CVE-2019-5797 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2019-5798 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5798.html CVE-2019-5798 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 https://bugzilla.suse.com/1135824 SUSE Bug 1135824 Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-5799 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5799.html CVE-2019-5799 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-5800 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5800.html CVE-2019-5800 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5801 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5801.html CVE-2019-5801 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5802 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5802.html CVE-2019-5802 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-5803 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5803.html CVE-2019-5803 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name. CVE-2019-5804 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5804.html CVE-2019-5804 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5805 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5805.html CVE-2019-5805 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5806 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5806.html CVE-2019-5806 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5807 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5807.html CVE-2019-5807 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5808 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5808.html CVE-2019-5808 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. CVE-2019-5809 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5809.html CVE-2019-5809 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-5810 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5810.html CVE-2019-5810 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2019-5811 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5811.html CVE-2019-5811 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5812 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5812.html CVE-2019-5812 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5813 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5813.html CVE-2019-5813 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5814 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5814.html CVE-2019-5814 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. CVE-2019-5815 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5815.html CVE-2019-5815 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. CVE-2019-5816 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5816.html CVE-2019-5816 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5817 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5817.html CVE-2019-5817 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. CVE-2019-5818 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5818.html CVE-2019-5818 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. CVE-2019-5819 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5819.html CVE-2019-5819 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5820 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5820.html CVE-2019-5820 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5821 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5821.html CVE-2019-5821 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2019-5822 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5822.html CVE-2019-5822 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5823 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5823.html CVE-2019-5823 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5824 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5824.html CVE-2019-5824 https://bugzilla.suse.com/1134218 SUSE Bug 1134218 Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5827 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5827.html CVE-2019-5827 https://bugzilla.suse.com/1134218 SUSE Bug 1134218 Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2019-5828 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5828.html CVE-2019-5828 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2019-5829 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5829.html CVE-2019-5829 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5830 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5830.html CVE-2019-5830 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5831 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5831.html CVE-2019-5831 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5832 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5832.html CVE-2019-5832 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. CVE-2019-5833 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5833.html CVE-2019-5833 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5834 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5834.html CVE-2019-5834 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2019-5835 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5835.html CVE-2019-5835 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5836 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5836.html CVE-2019-5836 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5837 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5837.html CVE-2019-5837 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. CVE-2019-5838 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5838.html CVE-2019-5838 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. CVE-2019-5839 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5839.html CVE-2019-5839 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5840 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5840.html CVE-2019-5840 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5842 SUSE Package Hub 12 SP3:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 12 SP3:chromium-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromedriver-75.0.3770.90-bp150.213.3 SUSE Package Hub 15:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.0:chromium-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromedriver-75.0.3770.90-bp150.213.3 openSUSE Leap 15.1:chromium-75.0.3770.90-bp150.213.3 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV/#5VVYZ3GC3OTOPB2PPY5NYCHCFEYLSYXV https://www.suse.com/security/cve/CVE-2019-5842.html CVE-2019-5842 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 https://bugzilla.suse.com/1138287 SUSE Bug 1138287