Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1430-1 Final 1 1 2016-05-27T19:11:08Z current 2016-05-27T19:11:08Z 2016-05-27T19:11:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium Chromium was updated to 51.0.2704.63 to fix the following vulnerabilities (boo#981886): - CVE-2016-1672: Cross-origin bypass in extension bindings - CVE-2016-1673: Cross-origin bypass in Blink - CVE-2016-1674: Cross-origin bypass in extensions - CVE-2016-1675: Cross-origin bypass in Blink - CVE-2016-1676: Cross-origin bypass in extension bindings - CVE-2016-1677: Type confusion in V8 - CVE-2016-1678: Heap overflow in V8 - CVE-2016-1679: Heap use-after-free in V8 bindings - CVE-2016-1680: Heap use-after-free in Skia - CVE-2016-1681: Heap overflow in PDFium - CVE-2016-1682: CSP bypass for ServiceWorker - CVE-2016-1683: Out-of-bounds access in libxslt - CVE-2016-1684: Integer overflow in libxslt - CVE-2016-1685: Out-of-bounds read in PDFium - CVE-2016-1686: Out-of-bounds read in PDFium - CVE-2016-1687: Information leak in extensions - CVE-2016-1688: Out-of-bounds read in V8 - CVE-2016-1689: Heap buffer overflow in media - CVE-2016-1690: Heap use-after-free in Autofill - CVE-2016-1691: Heap buffer-overflow in Skia - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker - CVE-2016-1693: HTTP Download of Software Removal Tool - CVE-2016-1694: HPKP pins removed on cache clearance - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html E-Mail link for openSUSE-SU-2016:1430-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 chromedriver-51.0.2704.63-51.1 chromium-51.0.2704.63-51.1 chromium-desktop-gnome-51.0.2704.63-51.1 chromium-desktop-kde-51.0.2704.63-51.1 chromium-ffmpegsumo-51.0.2704.63-51.1 chromedriver-51.0.2704.63-51.1 as a component of openSUSE Leap 42.1 chromium-51.0.2704.63-51.1 as a component of openSUSE Leap 42.1 chromium-desktop-gnome-51.0.2704.63-51.1 as a component of openSUSE Leap 42.1 chromium-desktop-kde-51.0.2704.63-51.1 as a component of openSUSE Leap 42.1 chromium-ffmpegsumo-51.0.2704.63-51.1 as a component of openSUSE Leap 42.1 The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. CVE-2016-1672 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1672.html CVE-2016-1672 https://bugzilla.suse.com/981886 SUSE Bug 981886 Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2016-1673 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1673.html CVE-2016-1673 https://bugzilla.suse.com/981886 SUSE Bug 981886 The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2016-1674 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1674.html CVE-2016-1674 https://bugzilla.suse.com/981886 SUSE Bug 981886 Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp. CVE-2016-1675 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1675.html CVE-2016-1675 https://bugzilla.suse.com/981886 SUSE Bug 981886 extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. CVE-2016-1676 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1676.html CVE-2016-1676 https://bugzilla.suse.com/981886 SUSE Bug 981886 uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." CVE-2016-1677 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1677.html CVE-2016-1677 https://bugzilla.suse.com/981886 SUSE Bug 981886 objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. CVE-2016-1678 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1678.html CVE-2016-1678 https://bugzilla.suse.com/981886 SUSE Bug 981886 The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. CVE-2016-1679 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1679.html CVE-2016-1679 https://bugzilla.suse.com/981886 SUSE Bug 981886 Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2016-1680 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1680.html CVE-2016-1680 https://bugzilla.suse.com/981886 SUSE Bug 981886 Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. CVE-2016-1681 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1681.html CVE-2016-1681 https://bugzilla.suse.com/981886 SUSE Bug 981886 The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. CVE-2016-1682 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1682.html CVE-2016-1682 https://bugzilla.suse.com/981886 SUSE Bug 981886 numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. CVE-2016-1683 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1683.html CVE-2016-1683 https://bugzilla.suse.com/981886 SUSE Bug 981886 numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. CVE-2016-1684 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1684.html CVE-2016-1684 https://bugzilla.suse.com/981886 SUSE Bug 981886 core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. CVE-2016-1685 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1685.html CVE-2016-1685 https://bugzilla.suse.com/981886 SUSE Bug 981886 The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. CVE-2016-1686 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1686.html CVE-2016-1686 https://bugzilla.suse.com/981886 SUSE Bug 981886 The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions. CVE-2016-1687 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1687.html CVE-2016-1687 https://bugzilla.suse.com/981886 SUSE Bug 981886 The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code. CVE-2016-1688 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1688.html CVE-2016-1688 https://bugzilla.suse.com/981886 SUSE Bug 981886 Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. CVE-2016-1689 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1689.html CVE-2016-1689 https://bugzilla.suse.com/981886 SUSE Bug 981886 The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701. CVE-2016-1690 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1690.html CVE-2016-1690 https://bugzilla.suse.com/981886 SUSE Bug 981886 Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp. CVE-2016-1691 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1691.html CVE-2016-1691 https://bugzilla.suse.com/981886 SUSE Bug 981886 WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CVE-2016-1692 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1692.html CVE-2016-1692 https://bugzilla.suse.com/981886 SUSE Bug 981886 browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. CVE-2016-1693 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1693.html CVE-2016-1693 https://bugzilla.suse.com/981886 SUSE Bug 981886 browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority. CVE-2016-1694 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1694.html CVE-2016-1694 https://bugzilla.suse.com/981886 SUSE Bug 981886 Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. CVE-2016-1695 openSUSE Leap 42.1:chromedriver-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-gnome-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-desktop-kde-51.0.2704.63-51.1 openSUSE Leap 42.1:chromium-ffmpegsumo-51.0.2704.63-51.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html https://www.suse.com/security/cve/CVE-2016-1695.html CVE-2016-1695 https://bugzilla.suse.com/981886 SUSE Bug 981886