{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"54.0.2840.59-109.1","chromium":"54.0.2840.59-109.1","chromium-ffmpegsumo":"54.0.2840.59-109.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"54.0.2840.59-109.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"Chromium was updated to 54.0.2840.59 to fix security issues and bugs.\n\nThe following security issues are fixed (bnc#1004465):\n\n- CVE-2016-5181: Universal XSS in Blink\n- CVE-2016-5182: Heap overflow in Blink\n- CVE-2016-5183: Use after free in PDFium\n- CVE-2016-5184: Use after free in PDFium\n- CVE-2016-5185: Use after free in Blink\n- CVE-2016-5187: URL spoofing\n- CVE-2016-5188: UI spoofing\n- CVE-2016-5192: Cross-origin bypass in Blink\n- CVE-2016-5189: URL spoofing\n- CVE-2016-5186: Out of bounds read in DevTools\n- CVE-2016-5191: Universal XSS in Bookmarks\n- CVE-2016-5190: Use after free in Internals\n- CVE-2016-5193: Scheme bypass\n\nThe following bugs were fixed:\n\n-  bnc#1000019: display issues in full screen mode, add --ui-disable-partial-swap to the launcher\n\nThe following packaging changes are included:\n\n- The desktop sub-packages are no obsolete\n- The package now uses the system variants of some bundled libraries\n- The hangouts extension is now built\n\n","id":"SUSE-SU-2016:2597-1","modified":"2016-10-19T15:50:17Z","published":"2016-10-19T15:50:17Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162597-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000019"},{"type":"REPORT","url":"https://bugzilla.suse.com/1004465"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5182"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5183"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5184"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5187"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5188"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5189"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5190"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5191"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5192"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5193"}],"related":["CVE-2016-5181","CVE-2016-5182","CVE-2016-5183","CVE-2016-5184","CVE-2016-5185","CVE-2016-5186","CVE-2016-5187","CVE-2016-5188","CVE-2016-5189","CVE-2016-5190","CVE-2016-5191","CVE-2016-5192","CVE-2016-5193"],"summary":"Security update for Chromium","upstream":["CVE-2016-5181","CVE-2016-5182","CVE-2016-5183","CVE-2016-5184","CVE-2016-5185","CVE-2016-5186","CVE-2016-5187","CVE-2016-5188","CVE-2016-5189","CVE-2016-5190","CVE-2016-5191","CVE-2016-5192","CVE-2016-5193"]}