{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"64.0.3282.119-46.2","chromium":"64.0.3282.119-46.2","libre2-0":"20180101-5.1","re2-devel":"20180101-5.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"64.0.3282.119-46.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"64.0.3282.119-46.2","chromium":"64.0.3282.119-46.2","libre2-0":"20180101-5.1","re2-devel":"20180101-5.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"re2","purl":"pkg:rpm/suse/re2&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20180101-5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"64.0.3282.119-46.2","chromium":"64.0.3282.119-46.2","libre2-0":"20180101-5.1","re2-devel":"20180101-5.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"64.0.3282.119-46.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"64.0.3282.119-46.2","chromium":"64.0.3282.119-46.2","libre2-0":"20180101-5.1","re2-devel":"20180101-5.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"re2","purl":"pkg:rpm/suse/re2&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"20180101-5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium to 64.0.3282.119 fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2018-6031: Use after free in PDFium (boo#1077571)\n- CVE-2018-6032: Same origin bypass in Shared Worker (boo#1077571)\n- CVE-2018-6033: Race when opening downloaded files (boo#1077571)\n- CVE-2018-6034: Integer overflow in Blink (boo#1077571)\n- CVE-2018-6035: Insufficient isolation of devtools from extensions (boo#1077571)\n- CVE-2018-6036: Integer underflow in WebAssembly (boo#1077571)\n- CVE-2018-6037: Insufficient user gesture requirements in autofill (boo#1077571)\n- CVE-2018-6038: Heap buffer overflow in WebGL (boo#1077571)\n- CVE-2018-6039: XSS in DevTools (boo#1077571)\n- CVE-2018-6040: Content security policy bypass (boo#1077571)\n- CVE-2018-6041: URL spoof in Navigation (boo#1077571)\n- CVE-2018-6042: URL spoof in OmniBox (boo#1077571)\n- CVE-2018-6043: Insufficient escaping with external URL handlers (boo#1077571)\n- CVE-2018-6045: Insufficient isolation of devtools from extensions (boo#1077571)\n- CVE-2018-6046: Insufficient isolation of devtools from extensions (boo#1077571)\n- CVE-2018-6047: Cross origin URL leak in WebGL (boo#1077571)\n- CVE-2018-6048: Referrer policy bypass in Blink (boo#1077571)\n- CVE-2017-15420: URL spoofing in Omnibox (boo#1077571)\n- CVE-2018-6049: UI spoof in Permissions (boo#1077571)\n- CVE-2018-6050: URL spoof in OmniBox (boo#1077571)\n- CVE-2018-6051: Referrer leak in XSS Auditor (boo#1077571)\n- CVE-2018-6052: Incomplete no-referrer policy implementation (boo#1077571)\n- CVE-2018-6053: Leak of page thumbnails in New Tab Page (boo#1077571)\n- CVE-2018-6054: Use after free in WebUI (boo#1077571)\n\nRe was updated to version 2018-01-01 (boo#1073323)    \n","id":"openSUSE-SU-2018:0313-1","modified":"2018-01-31T10:21:32Z","published":"2018-01-31T10:21:32Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/73CJAOQ7VWKHQWOYUWLGMB37IYUP35O6/#73CJAOQ7VWKHQWOYUWLGMB37IYUP35O6"},{"type":"REPORT","url":"https://bugzilla.suse.com/1073323"},{"type":"REPORT","url":"https://bugzilla.suse.com/1077571"},{"type":"REPORT","url":"https://bugzilla.suse.com/1077722"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15420"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6031"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6032"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6033"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6034"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6035"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6036"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6037"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6038"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6039"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6040"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6041"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6042"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6043"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6045"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6046"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6047"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6048"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6049"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6050"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6051"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6052"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6053"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6054"}],"related":["CVE-2017-15420","CVE-2018-6031","CVE-2018-6032","CVE-2018-6033","CVE-2018-6034","CVE-2018-6035","CVE-2018-6036","CVE-2018-6037","CVE-2018-6038","CVE-2018-6039","CVE-2018-6040","CVE-2018-6041","CVE-2018-6042","CVE-2018-6043","CVE-2018-6045","CVE-2018-6046","CVE-2018-6047","CVE-2018-6048","CVE-2018-6049","CVE-2018-6050","CVE-2018-6051","CVE-2018-6052","CVE-2018-6053","CVE-2018-6054"],"summary":"Security update for chromium","upstream":["CVE-2017-15420","CVE-2018-6031","CVE-2018-6032","CVE-2018-6033","CVE-2018-6034","CVE-2018-6035","CVE-2018-6036","CVE-2018-6037","CVE-2018-6038","CVE-2018-6039","CVE-2018-6040","CVE-2018-6041","CVE-2018-6042","CVE-2018-6043","CVE-2018-6045","CVE-2018-6046","CVE-2018-6047","CVE-2018-6048","CVE-2018-6049","CVE-2018-6050","CVE-2018-6051","CVE-2018-6052","CVE-2018-6053","CVE-2018-6054"]}