{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"70.0.3538.102-74.1","chromium":"70.0.3538.102-74.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP2","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"70.0.3538.102-74.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update contains Chromium 70.0.3538.102 and fixes security issues and bugs.\n\nVulnerabilities fixed in 70.0.3538.102:\n\n- CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537)\n    \nVulnerabilities fixed in 70.0.3538.67 (bsc#1112111):\n    \n- CVE-2018-17462: Sandbox escape in AppCache\n- CVE-2018-17463: Remote code execution in V8\n- Heap buffer overflow in Little CMS in PDFium\n- CVE-2018-17464: URL spoof in Omnibox\n- CVE-2018-17465: Use after free in V8\n- CVE-2018-17466: Memory corruption in Angle\n- CVE-2018-17467: URL spoof in Omnibox\n- CVE-2018-17468: Cross-origin URL disclosure in Blink\n- CVE-2018-17469: Heap buffer overflow in PDFium\n- CVE-2018-17470: Memory corruption in GPU Internals\n- CVE-2018-17471: Security UI occlusion in full screen mode\n- CVE-2018-17473: URL spoof in Omnibox\n- CVE-2018-17474: Use after free in Blink\n- CVE-2018-17475: URL spoof in Omnibox\n- CVE-2018-17476: Security UI occlusion in full screen mode\n- CVE-2018-5179: Lack of limits on update() in ServiceWorker\n- CVE-2018-17477: UI spoof in Extensions\n\nThis update contains the following packaging changes:\n\n- VAAPI hardware accelerated rendering is now enabled by default.\n- Use the system libusb-1.0 library\n- Use bundled harfbuzz library\n- Disable gnome-keyring to avoid crashes\n- noto-emoji-fonts is no longer a recommended dependency\n","id":"openSUSE-SU-2018:3835-1","modified":"2018-11-20T18:13:21Z","published":"2018-11-20T18:13:21Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I/#QUMMQ2BSESALCKVYTBVE6TKYA2UTXO3I"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112111"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115537"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17462"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17463"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17464"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17465"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17466"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17467"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17469"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17470"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17471"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17472"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17473"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17474"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17475"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17476"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17477"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17478"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5179"}],"related":["CVE-2018-17462","CVE-2018-17463","CVE-2018-17464","CVE-2018-17465","CVE-2018-17466","CVE-2018-17467","CVE-2018-17468","CVE-2018-17469","CVE-2018-17470","CVE-2018-17471","CVE-2018-17472","CVE-2018-17473","CVE-2018-17474","CVE-2018-17475","CVE-2018-17476","CVE-2018-17477","CVE-2018-17478","CVE-2018-5179"],"summary":"Security update for chromium","upstream":["CVE-2018-17462","CVE-2018-17463","CVE-2018-17464","CVE-2018-17465","CVE-2018-17466","CVE-2018-17467","CVE-2018-17468","CVE-2018-17469","CVE-2018-17470","CVE-2018-17471","CVE-2018-17472","CVE-2018-17473","CVE-2018-17474","CVE-2018-17475","CVE-2018-17476","CVE-2018-17477","CVE-2018-17478","CVE-2018-5179"]}