{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"53.0.2785.89-96.1","chromium":"53.0.2785.89-96.1","chromium-desktop-gnome":"53.0.2785.89-96.1","chromium-desktop-kde":"53.0.2785.89-96.1","chromium-ffmpegsumo":"53.0.2785.89-96.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"53.0.2785.89-96.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"Chromium was updated to 53.0.2785.89 to fix a number of security issues.\n\nThe following vulnerabilities were fixed: (boo#996648)\n\n- CVE-2016-5147: Universal XSS in Blink.\n- CVE-2016-5148: Universal XSS in Blink.\n- CVE-2016-5149: Script injection in extensions.\n- CVE-2016-5150: Use after free in Blink.\n- CVE-2016-5151: Use after free in PDFium.\n- CVE-2016-5152: Heap overflow in PDFium.\n- CVE-2016-5153: Use after destruction in Blink.\n- CVE-2016-5154: Heap overflow in PDFium.\n- CVE-2016-5155: Address bar spoofing.\n- CVE-2016-5156: Use after free in event bindings.\n- CVE-2016-5157: Heap overflow in PDFium.\n- CVE-2016-5158: Heap overflow in PDFium.\n- CVE-2016-5159: Heap overflow in PDFium.\n- CVE-2016-5161: Type confusion in Blink.\n- CVE-2016-5162: Extensions web accessible resources bypass.\n- CVE-2016-5163: Address bar spoofing.\n- CVE-2016-5164: Universal XSS using DevTools.\n- CVE-2016-5165: Script injection in DevTools.\n- CVE-2016-5166: SMB Relay Attack via Save Page As.\n- CVE-2016-5160: Extensions web accessible resources bypass.\n\nA number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932)","id":"SUSE-SU-2016:2250-1","modified":"2016-09-01T12:42:13Z","published":"2016-09-01T12:42:13Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162250-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/995932"},{"type":"REPORT","url":"https://bugzilla.suse.com/996032"},{"type":"REPORT","url":"https://bugzilla.suse.com/99606"},{"type":"REPORT","url":"https://bugzilla.suse.com/996648"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5147"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5148"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5149"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5150"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5151"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5152"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5153"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5155"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5156"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5157"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5158"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5159"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5160"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5161"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5162"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5163"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5164"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5165"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5166"}],"related":["CVE-2016-5147","CVE-2016-5148","CVE-2016-5149","CVE-2016-5150","CVE-2016-5151","CVE-2016-5152","CVE-2016-5153","CVE-2016-5154","CVE-2016-5155","CVE-2016-5156","CVE-2016-5157","CVE-2016-5158","CVE-2016-5159","CVE-2016-5160","CVE-2016-5161","CVE-2016-5162","CVE-2016-5163","CVE-2016-5164","CVE-2016-5165","CVE-2016-5166"],"summary":"Security update for Chromium","upstream":["CVE-2016-5147","CVE-2016-5148","CVE-2016-5149","CVE-2016-5150","CVE-2016-5151","CVE-2016-5152","CVE-2016-5153","CVE-2016-5154","CVE-2016-5155","CVE-2016-5156","CVE-2016-5157","CVE-2016-5158","CVE-2016-5159","CVE-2016-5160","CVE-2016-5161","CVE-2016-5162","CVE-2016-5163","CVE-2016-5164","CVE-2016-5165","CVE-2016-5166"]}