{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"74.0.3729.108-bp150.207.1","chromium":"74.0.3729.108-bp150.207.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"74.0.3729.108-bp150.207.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium fixes the following issues:\n\nChromium was updated to 74.0.3729.108 boo#1133313:\n\n* CVE-2019-5805: Use after free in PDFium\n* CVE-2019-5806: Integer overflow in Angle\n* CVE-2019-5807: Memory corruption in V8\n* CVE-2019-5808: Use after free in Blink\n* CVE-2019-5809: Use after free in Blink\n* CVE-2019-5810: User information disclosure in Autofill\n* CVE-2019-5811: CORS bypass in Blink\n* CVE-2019-5813: Out of bounds read in V8\n* CVE-2019-5814: CORS bypass in Blink\n* CVE-2019-5815: Heap buffer overflow in Blink\n* CVE-2019-5818: Uninitialized value in media reader\n* CVE-2019-5819: Incorrect escaping in developer tools\n* CVE-2019-5820: Integer overflow in PDFium\n* CVE-2019-5821: Integer overflow in PDFium\n* CVE-2019-5822: CORS bypass in download manager\n* CVE-2019-5823: Forced navigation from service worker\n* CVE-2019-5812: URL spoof in Omnibox on iOS\n* CVE-2019-5816: Exploit persistence extension on Android\n* CVE-2019-5817: Heap buffer overflow in Angle on Windows\n\n- Update conditions to use system harfbuzz on TW+\n- Require java during build\n- Enable using pipewire when available\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.","id":"openSUSE-SU-2019:1436-1","modified":"2019-05-22T16:41:14Z","published":"2019-05-22T16:41:14Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AWRISTZJJNJJPLDT4TNSJKAHMVL6J2RA/#AWRISTZJJNJJPLDT4TNSJKAHMVL6J2RA"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133313"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5805"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5806"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5807"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5808"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5809"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5810"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5811"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5812"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5813"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5814"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5815"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5816"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5818"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5819"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5820"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5821"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5822"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-5823"}],"related":["CVE-2019-5805","CVE-2019-5806","CVE-2019-5807","CVE-2019-5808","CVE-2019-5809","CVE-2019-5810","CVE-2019-5811","CVE-2019-5812","CVE-2019-5813","CVE-2019-5814","CVE-2019-5815","CVE-2019-5816","CVE-2019-5817","CVE-2019-5818","CVE-2019-5819","CVE-2019-5820","CVE-2019-5821","CVE-2019-5822","CVE-2019-5823"],"summary":"Security update for chromium","upstream":["CVE-2019-5805","CVE-2019-5806","CVE-2019-5807","CVE-2019-5808","CVE-2019-5809","CVE-2019-5810","CVE-2019-5811","CVE-2019-5812","CVE-2019-5813","CVE-2019-5814","CVE-2019-5815","CVE-2019-5816","CVE-2019-5817","CVE-2019-5818","CVE-2019-5819","CVE-2019-5820","CVE-2019-5821","CVE-2019-5822","CVE-2019-5823"]}