Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2694-1 Final 1 1 2019-12-18T09:15:54Z current 2019-12-18T09:15:54Z 2019-12-18T09:15:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium was updated to 79.0.3945.79 (boo#1158982) - CVE-2019-13725: Fixed a use after free in Bluetooth - CVE-2019-13726: Fixed a heap buffer overflow in password manager - CVE-2019-13727: Fixed an insufficient policy enforcement in WebSockets - CVE-2019-13728: Fixed an out of bounds write in V8 - CVE-2019-13729: Fixed a use after free in WebSockets - CVE-2019-13730: Fixed a type Confusion in V8 - CVE-2019-13732: Fixed a use after free in WebAudio - CVE-2019-13734: Fixed an out of bounds write in SQLite - CVE-2019-13735: Fixed an out of bounds write in V8 - CVE-2019-13764: Fixed a type Confusion in V8 - CVE-2019-13736: Fixed an integer overflow in PDFium - CVE-2019-13737: Fixed an insufficient policy enforcement in autocomplete - CVE-2019-13738: Fixed an insufficient policy enforcement in navigation - CVE-2019-13739: Fixed an incorrect security UI in Omnibox - CVE-2019-13740: Fixed an incorrect security UI in sharing - CVE-2019-13741: Fixed an insufficient validation of untrusted input in Blink - CVE-2019-13742: Fixed an incorrect security UI in Omnibox - CVE-2019-13743: Fixed an incorrect security UI in external protocol handling - CVE-2019-13744: Fixed an insufficient policy enforcement in cookies - CVE-2019-13745: Fixed an insufficient policy enforcement in audio - CVE-2019-13746: Fixed an insufficient policy enforcement in Omnibox - CVE-2019-13747: Fixed an uninitialized Use in rendering - CVE-2019-13748: Fixed an insufficient policy enforcement in developer tools - CVE-2019-13749: Fixed an incorrect security UI in Omnibox - CVE-2019-13750: Fixed an insufficient data validation in SQLite - CVE-2019-13751: Fixed an uninitialized Use in SQLite - CVE-2019-13752: Fixed an out of bounds read in SQLite - CVE-2019-13753: Fixed an out of bounds read in SQLite - CVE-2019-13754: Fixed an insufficient policy enforcement in extensions - CVE-2019-13755: Fixed an insufficient policy enforcement in extensions - CVE-2019-13756: Fixed an incorrect security UI in printing - CVE-2019-13757: Fixed an incorrect security UI in Omnibox - CVE-2019-13758: Fixed an insufficient policy enforcement in navigation - CVE-2019-13759: Fixed an incorrect security UI in interstitials - CVE-2019-13761: Fixed an incorrect security UI in Omnibox - CVE-2019-13762: Fixed an insufficient policy enforcement in downloads - CVE-2019-13763: Fixed an insufficient policy enforcement in payments This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2694 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS E-Mail link for openSUSE-SU-2019:2694-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1158982 SUSE Bug 1158982 https://www.suse.com/security/cve/CVE-2019-13725/ SUSE CVE CVE-2019-13725 page https://www.suse.com/security/cve/CVE-2019-13726/ SUSE CVE CVE-2019-13726 page https://www.suse.com/security/cve/CVE-2019-13727/ SUSE CVE CVE-2019-13727 page https://www.suse.com/security/cve/CVE-2019-13728/ SUSE CVE CVE-2019-13728 page https://www.suse.com/security/cve/CVE-2019-13729/ SUSE CVE CVE-2019-13729 page https://www.suse.com/security/cve/CVE-2019-13730/ SUSE CVE CVE-2019-13730 page https://www.suse.com/security/cve/CVE-2019-13732/ SUSE CVE CVE-2019-13732 page https://www.suse.com/security/cve/CVE-2019-13734/ SUSE CVE CVE-2019-13734 page https://www.suse.com/security/cve/CVE-2019-13735/ SUSE CVE CVE-2019-13735 page https://www.suse.com/security/cve/CVE-2019-13736/ SUSE CVE CVE-2019-13736 page https://www.suse.com/security/cve/CVE-2019-13737/ SUSE CVE CVE-2019-13737 page https://www.suse.com/security/cve/CVE-2019-13738/ SUSE CVE CVE-2019-13738 page https://www.suse.com/security/cve/CVE-2019-13739/ SUSE CVE CVE-2019-13739 page https://www.suse.com/security/cve/CVE-2019-13740/ SUSE CVE CVE-2019-13740 page https://www.suse.com/security/cve/CVE-2019-13741/ SUSE CVE CVE-2019-13741 page https://www.suse.com/security/cve/CVE-2019-13742/ SUSE CVE CVE-2019-13742 page https://www.suse.com/security/cve/CVE-2019-13743/ SUSE CVE CVE-2019-13743 page https://www.suse.com/security/cve/CVE-2019-13744/ SUSE CVE CVE-2019-13744 page https://www.suse.com/security/cve/CVE-2019-13745/ SUSE CVE CVE-2019-13745 page https://www.suse.com/security/cve/CVE-2019-13746/ SUSE CVE CVE-2019-13746 page https://www.suse.com/security/cve/CVE-2019-13747/ SUSE CVE CVE-2019-13747 page https://www.suse.com/security/cve/CVE-2019-13748/ SUSE CVE CVE-2019-13748 page https://www.suse.com/security/cve/CVE-2019-13749/ SUSE CVE CVE-2019-13749 page https://www.suse.com/security/cve/CVE-2019-13750/ SUSE CVE CVE-2019-13750 page https://www.suse.com/security/cve/CVE-2019-13751/ SUSE CVE CVE-2019-13751 page https://www.suse.com/security/cve/CVE-2019-13752/ SUSE CVE CVE-2019-13752 page https://www.suse.com/security/cve/CVE-2019-13753/ SUSE CVE CVE-2019-13753 page https://www.suse.com/security/cve/CVE-2019-13754/ SUSE CVE CVE-2019-13754 page https://www.suse.com/security/cve/CVE-2019-13755/ SUSE CVE CVE-2019-13755 page https://www.suse.com/security/cve/CVE-2019-13756/ SUSE CVE CVE-2019-13756 page https://www.suse.com/security/cve/CVE-2019-13757/ SUSE CVE CVE-2019-13757 page https://www.suse.com/security/cve/CVE-2019-13758/ SUSE CVE CVE-2019-13758 page https://www.suse.com/security/cve/CVE-2019-13759/ SUSE CVE CVE-2019-13759 page https://www.suse.com/security/cve/CVE-2019-13761/ SUSE CVE CVE-2019-13761 page https://www.suse.com/security/cve/CVE-2019-13762/ SUSE CVE CVE-2019-13762 page https://www.suse.com/security/cve/CVE-2019-13763/ SUSE CVE CVE-2019-13763 page https://www.suse.com/security/cve/CVE-2019-13764/ SUSE CVE CVE-2019-13764 page SUSE Package Hub 15 SP1 chromedriver-79.0.3945.79-bp151.3.35.1 chromium-79.0.3945.79-bp151.3.35.1 chromedriver-79.0.3945.79-bp151.3.35.1 as a component of SUSE Package Hub 15 SP1 chromium-79.0.3945.79-bp151.3.35.1 as a component of SUSE Package Hub 15 SP1 Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2019-13725 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13725.html CVE-2019-13725 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2019-13726 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13726.html CVE-2019-13726 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2019-13727 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13727.html CVE-2019-13727 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13728 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13728.html CVE-2019-13728 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13729 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13729.html CVE-2019-13729 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13730 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13730.html CVE-2019-13730 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13732 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13732.html CVE-2019-13732 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13734 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13734.html CVE-2019-13734 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2019-13735 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13735.html CVE-2019-13735 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-13736 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13736.html CVE-2019-13736 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13737 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13737.html CVE-2019-13737 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2019-13738 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13738.html CVE-2019-13738 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13739 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13739.html CVE-2019-13739 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13740 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13740.html CVE-2019-13740 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. CVE-2019-13741 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13741.html CVE-2019-13741 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-13742 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13742.html CVE-2019-13742 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2019-13743 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13743.html CVE-2019-13743 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13744 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13744.html CVE-2019-13744 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13745 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13745.html CVE-2019-13745 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13746 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13746.html CVE-2019-13746 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13747 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13747.html CVE-2019-13747 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13748 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13748.html CVE-2019-13748 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13749 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13749.html CVE-2019-13749 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. CVE-2019-13750 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13750.html CVE-2019-13750 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13751 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13751.html CVE-2019-13751 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13752 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13752.html CVE-2019-13752 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13753 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13753.html CVE-2019-13753 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-13754 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13754.html CVE-2019-13754 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. CVE-2019-13755 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13755.html CVE-2019-13755 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13756 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13756.html CVE-2019-13756 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13757 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13757.html CVE-2019-13757 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-13758 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13758.html CVE-2019-13758 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13759 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13759.html CVE-2019-13759 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13761 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13761.html CVE-2019-13761 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. CVE-2019-13762 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13762.html CVE-2019-13762 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. CVE-2019-13763 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13763.html CVE-2019-13763 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13764 SUSE Package Hub 15 SP1:chromedriver-79.0.3945.79-bp151.3.35.1 SUSE Package Hub 15 SP1:chromium-79.0.3945.79-bp151.3.35.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS/#M7S2JFSREIHYGCP4KXIISPEHVMV7FBWS https://www.suse.com/security/cve/CVE-2019-13764.html CVE-2019-13764 https://bugzilla.suse.com/1158982 SUSE Bug 1158982