{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"55.0.2883.75-2.1","chromium":"55.0.2883.75-2.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"55.0.2883.75-2.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update to Chromium 55.0.2883.75 fixes the following vulnerabilities:\n\n- CVE-2016-9651: Private property access in V8\n- CVE-2016-5208: Universal XSS in Blink\n- CVE-2016-5207: Universal XSS in Blink\n- CVE-2016-5206: Same-origin bypass in PDFium\n- CVE-2016-5205: Universal XSS in Blink\n- CVE-2016-5204: Universal XSS in Blink\n- CVE-2016-5209: Out of bounds write in Blink\n- CVE-2016-5203: Use after free in PDFium\n- CVE-2016-5210: Out of bounds write in PDFium\n- CVE-2016-5212: Local file disclosure in DevTools\n- CVE-2016-5211: Use after free in PDFium\n- CVE-2016-5213: Use after free in V8\n- CVE-2016-5214: File download protection bypass\n- CVE-2016-5216: Use after free in PDFium\n- CVE-2016-5215: Use after free in Webaudio\n- CVE-2016-5217: Use of unvalidated data in PDFium\n- CVE-2016-5218: Address spoofing in Omnibox\n- CVE-2016-5219: Use after free in V8\n- CVE-2016-5221: Integer overflow in ANGLE\n- CVE-2016-5220: Local file access in PDFium\n- CVE-2016-5222: Address spoofing in Omnibox\n- CVE-2016-9650: CSP Referrer disclosure\n- CVE-2016-5223: Integer overflow in PDFium\n- CVE-2016-5226: Limited XSS in Blink\n- CVE-2016-5225: CSP bypass in Blink\n- CVE-2016-5224: Same-origin bypass in SVG\n- CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives\n\nThe default bookmarks override was removed.\n\nThe following packaging changes are included:\n\n- Switch to system libraries: harfbuzz, zlib, ffmpeg, where available.\n- Chromium now requires harfbuzz >= 1.3.0","id":"openSUSE-SU-2017:0563-1","modified":"2016-12-16T22:45:25Z","published":"2016-12-16T22:45:25Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IOM3J2HPT4XSGXITE6DSNQRVKV6CULMT/#IOM3J2HPT4XSGXITE6DSNQRVKV6CULMT"},{"type":"REPORT","url":"https://bugzilla.suse.com/1013236"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5203"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5204"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5205"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5206"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5208"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5209"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5210"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5211"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5212"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5213"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5214"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5215"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5216"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5217"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5218"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5219"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5220"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5221"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5222"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5223"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5224"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5225"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5226"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9650"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9651"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9652"}],"related":["CVE-2016-5203","CVE-2016-5204","CVE-2016-5205","CVE-2016-5206","CVE-2016-5207","CVE-2016-5208","CVE-2016-5209","CVE-2016-5210","CVE-2016-5211","CVE-2016-5212","CVE-2016-5213","CVE-2016-5214","CVE-2016-5215","CVE-2016-5216","CVE-2016-5217","CVE-2016-5218","CVE-2016-5219","CVE-2016-5220","CVE-2016-5221","CVE-2016-5222","CVE-2016-5223","CVE-2016-5224","CVE-2016-5225","CVE-2016-5226","CVE-2016-9650","CVE-2016-9651","CVE-2016-9652"],"summary":"Security update for Chromium","upstream":["CVE-2016-5203","CVE-2016-5204","CVE-2016-5205","CVE-2016-5206","CVE-2016-5207","CVE-2016-5208","CVE-2016-5209","CVE-2016-5210","CVE-2016-5211","CVE-2016-5212","CVE-2016-5213","CVE-2016-5214","CVE-2016-5215","CVE-2016-5216","CVE-2016-5217","CVE-2016-5218","CVE-2016-5219","CVE-2016-5220","CVE-2016-5221","CVE-2016-5222","CVE-2016-5223","CVE-2016-5224","CVE-2016-5225","CVE-2016-5226","CVE-2016-9650","CVE-2016-9651","CVE-2016-9652"]}