Security update for Chromium
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:2557-1
Final
1
1
2017-09-23T06:52:44Z
current
2017-09-23T06:52:44Z
2017-09-23T06:52:44Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for Chromium
This update to Chromium 61.0.3163.100 fixes the following vulnerabilities:
- CVE-2017-5121: Out-of-bounds access in V8
- CVE-2017-5122: Out-of-bounds access in V8
- Various fixes from internal audits, fuzzing and other initiatives
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
openSUSE-2017-1085
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
E-Mail link for openSUSE-SU-2017:2557-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1060019
SUSE Bug 1060019
https://www.suse.com/security/cve/CVE-2017-5121/
SUSE CVE CVE-2017-5121 page
https://www.suse.com/security/cve/CVE-2017-5122/
SUSE CVE CVE-2017-5122 page
SUSE Package Hub 12 SP2
chromedriver-61.0.3163.100-32.1
chromium-61.0.3163.100-32.1
chromedriver-61.0.3163.100-32.1 as a component of SUSE Package Hub 12 SP2
chromium-61.0.3163.100-32.1 as a component of SUSE Package Hub 12 SP2
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
CVE-2017-5121
SUSE Package Hub 12 SP2:chromedriver-61.0.3163.100-32.1
SUSE Package Hub 12 SP2:chromium-61.0.3163.100-32.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/security/cve/CVE-2017-5121.html
CVE-2017-5121
https://bugzilla.suse.com/1060019
SUSE Bug 1060019
https://bugzilla.suse.com/1060020
SUSE Bug 1060020
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.
CVE-2017-5122
SUSE Package Hub 12 SP2:chromedriver-61.0.3163.100-32.1
SUSE Package Hub 12 SP2:chromium-61.0.3163.100-32.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/security/cve/CVE-2017-5122.html
CVE-2017-5122
https://bugzilla.suse.com/1060019
SUSE Bug 1060019
https://bugzilla.suse.com/1060020
SUSE Bug 1060020