{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"60.0.3112.78-26.1","chromium":"60.0.3112.78-26.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"60.0.3112.78-26.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update Chromium to version 60.0.3112.78 fixes security issue and bugs.\n\nThe following security issues were fixed:\n\n  * CVE-2017-5091: Use after free in IndexedDB\n  * CVE-2017-5092: Use after free in PPAPI\n  * CVE-2017-5093: UI spoofing in Blink\n  * CVE-2017-5094: Type confusion in extensions\n  * CVE-2017-5095: Out-of-bounds write in PDFium\n  * CVE-2017-5096: User information leak via Android intents\n  * CVE-2017-5097: Out-of-bounds read in Skia\n  * CVE-2017-5098: Use after free in V8\n  * CVE-2017-5099: Out-of-bounds write in PPAPI\n  * CVE-2017-5100: Use after free in Chrome Apps\n  * CVE-2017-5101: URL spoofing in OmniBox\n  * CVE-2017-5102: Uninitialized use in Skia\n  * CVE-2017-5103: Uninitialized use in Skia\n  * CVE-2017-5104: UI spoofing in browser\n  * CVE-2017-7000: Pointer disclosure in SQLite\n  * CVE-2017-5105: URL spoofing in OmniBox\n  * CVE-2017-5106: URL spoofing in OmniBox\n  * CVE-2017-5107: User information leak via SVG\n  * CVE-2017-5108: Type confusion in PDFium\n  * CVE-2017-5109: UI spoofing in browser\n  * CVE-2017-5110: UI spoofing in payments dialog\n  * Various fixes from internal audits, fuzzing and other initiatives\n\nA number of upstream bugfixes are also included in this release.\n","id":"openSUSE-SU-2017:1993-1","modified":"2017-07-28T12:59:09Z","published":"2017-07-28T12:59:09Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK/#VS65OFX6RNZL3MZCZD4LJ6Z5J45F6UIK"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050537"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5091"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5092"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5093"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5094"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5095"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5096"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5097"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5098"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5099"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5100"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5102"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5103"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5105"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5106"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5107"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5108"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5109"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5110"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7000"}],"related":["CVE-2017-5091","CVE-2017-5092","CVE-2017-5093","CVE-2017-5094","CVE-2017-5095","CVE-2017-5096","CVE-2017-5097","CVE-2017-5098","CVE-2017-5099","CVE-2017-5100","CVE-2017-5101","CVE-2017-5102","CVE-2017-5103","CVE-2017-5104","CVE-2017-5105","CVE-2017-5106","CVE-2017-5107","CVE-2017-5108","CVE-2017-5109","CVE-2017-5110","CVE-2017-7000"],"summary":"Security update for chromium","upstream":["CVE-2017-5091","CVE-2017-5092","CVE-2017-5093","CVE-2017-5094","CVE-2017-5095","CVE-2017-5096","CVE-2017-5097","CVE-2017-5098","CVE-2017-5099","CVE-2017-5100","CVE-2017-5101","CVE-2017-5102","CVE-2017-5103","CVE-2017-5104","CVE-2017-5105","CVE-2017-5106","CVE-2017-5107","CVE-2017-5108","CVE-2017-5109","CVE-2017-5110","CVE-2017-7000"]}