chromedriver-93.0.4577.82-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10681-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-93.0.4577.82-1.1 on GA media These are all security issues fixed in the chromedriver-93.0.4577.82-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10681 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-11215/ SUSE CVE CVE-2017-11215 page https://www.suse.com/security/cve/CVE-2017-11225/ SUSE CVE CVE-2017-11225 page https://www.suse.com/security/cve/CVE-2017-15386/ SUSE CVE CVE-2017-15386 page https://www.suse.com/security/cve/CVE-2017-15387/ SUSE CVE CVE-2017-15387 page https://www.suse.com/security/cve/CVE-2017-15388/ SUSE CVE CVE-2017-15388 page https://www.suse.com/security/cve/CVE-2017-15389/ SUSE CVE CVE-2017-15389 page https://www.suse.com/security/cve/CVE-2017-15390/ SUSE CVE CVE-2017-15390 page https://www.suse.com/security/cve/CVE-2017-15391/ SUSE CVE CVE-2017-15391 page https://www.suse.com/security/cve/CVE-2017-15392/ SUSE CVE CVE-2017-15392 page https://www.suse.com/security/cve/CVE-2017-15393/ SUSE CVE CVE-2017-15393 page https://www.suse.com/security/cve/CVE-2017-15394/ SUSE CVE CVE-2017-15394 page https://www.suse.com/security/cve/CVE-2017-15395/ SUSE CVE CVE-2017-15395 page https://www.suse.com/security/cve/CVE-2017-15396/ SUSE CVE CVE-2017-15396 page https://www.suse.com/security/cve/CVE-2017-15398/ SUSE CVE CVE-2017-15398 page https://www.suse.com/security/cve/CVE-2017-15399/ SUSE CVE CVE-2017-15399 page https://www.suse.com/security/cve/CVE-2017-15407/ SUSE CVE CVE-2017-15407 page https://www.suse.com/security/cve/CVE-2017-15408/ SUSE CVE CVE-2017-15408 page https://www.suse.com/security/cve/CVE-2017-15409/ SUSE CVE CVE-2017-15409 page https://www.suse.com/security/cve/CVE-2017-15410/ SUSE CVE CVE-2017-15410 page https://www.suse.com/security/cve/CVE-2017-15411/ SUSE CVE CVE-2017-15411 page https://www.suse.com/security/cve/CVE-2017-15412/ SUSE CVE CVE-2017-15412 page https://www.suse.com/security/cve/CVE-2017-15413/ SUSE CVE CVE-2017-15413 page https://www.suse.com/security/cve/CVE-2017-15415/ SUSE CVE CVE-2017-15415 page https://www.suse.com/security/cve/CVE-2017-15416/ SUSE CVE CVE-2017-15416 page https://www.suse.com/security/cve/CVE-2017-15417/ SUSE CVE CVE-2017-15417 page https://www.suse.com/security/cve/CVE-2017-15418/ SUSE CVE CVE-2017-15418 page https://www.suse.com/security/cve/CVE-2017-15419/ SUSE CVE CVE-2017-15419 page https://www.suse.com/security/cve/CVE-2017-15420/ SUSE CVE CVE-2017-15420 page https://www.suse.com/security/cve/CVE-2017-15422/ SUSE CVE CVE-2017-15422 page https://www.suse.com/security/cve/CVE-2017-15423/ SUSE CVE CVE-2017-15423 page https://www.suse.com/security/cve/CVE-2017-15424/ SUSE CVE CVE-2017-15424 page https://www.suse.com/security/cve/CVE-2017-15425/ SUSE CVE CVE-2017-15425 page https://www.suse.com/security/cve/CVE-2017-15426/ SUSE CVE CVE-2017-15426 page https://www.suse.com/security/cve/CVE-2017-15427/ SUSE CVE CVE-2017-15427 page https://www.suse.com/security/cve/CVE-2017-15429/ SUSE CVE CVE-2017-15429 page https://www.suse.com/security/cve/CVE-2017-15430/ SUSE CVE CVE-2017-15430 page https://www.suse.com/security/cve/CVE-2017-5006/ SUSE CVE CVE-2017-5006 page https://www.suse.com/security/cve/CVE-2017-5007/ SUSE CVE CVE-2017-5007 page https://www.suse.com/security/cve/CVE-2017-5008/ SUSE CVE CVE-2017-5008 page https://www.suse.com/security/cve/CVE-2017-5009/ SUSE CVE CVE-2017-5009 page https://www.suse.com/security/cve/CVE-2017-5010/ SUSE CVE CVE-2017-5010 page https://www.suse.com/security/cve/CVE-2017-5011/ SUSE CVE CVE-2017-5011 page https://www.suse.com/security/cve/CVE-2017-5012/ SUSE CVE CVE-2017-5012 page https://www.suse.com/security/cve/CVE-2017-5013/ SUSE CVE CVE-2017-5013 page https://www.suse.com/security/cve/CVE-2017-5014/ SUSE CVE CVE-2017-5014 page https://www.suse.com/security/cve/CVE-2017-5015/ SUSE CVE CVE-2017-5015 page https://www.suse.com/security/cve/CVE-2017-5016/ SUSE CVE CVE-2017-5016 page https://www.suse.com/security/cve/CVE-2017-5017/ SUSE CVE CVE-2017-5017 page https://www.suse.com/security/cve/CVE-2017-5018/ SUSE CVE CVE-2017-5018 page https://www.suse.com/security/cve/CVE-2017-5019/ SUSE CVE CVE-2017-5019 page https://www.suse.com/security/cve/CVE-2017-5020/ SUSE CVE CVE-2017-5020 page https://www.suse.com/security/cve/CVE-2017-5021/ SUSE CVE CVE-2017-5021 page https://www.suse.com/security/cve/CVE-2017-5022/ SUSE CVE CVE-2017-5022 page https://www.suse.com/security/cve/CVE-2017-5023/ SUSE CVE CVE-2017-5023 page https://www.suse.com/security/cve/CVE-2017-5024/ SUSE CVE CVE-2017-5024 page https://www.suse.com/security/cve/CVE-2017-5025/ SUSE CVE CVE-2017-5025 page https://www.suse.com/security/cve/CVE-2017-5026/ SUSE CVE CVE-2017-5026 page https://www.suse.com/security/cve/CVE-2017-5030/ SUSE CVE CVE-2017-5030 page https://www.suse.com/security/cve/CVE-2017-5035/ SUSE CVE CVE-2017-5035 page https://www.suse.com/security/cve/CVE-2017-5041/ SUSE CVE CVE-2017-5041 page https://www.suse.com/security/cve/CVE-2017-5044/ SUSE CVE CVE-2017-5044 page https://www.suse.com/security/cve/CVE-2017-5052/ SUSE CVE CVE-2017-5052 page https://www.suse.com/security/cve/CVE-2017-5053/ SUSE CVE CVE-2017-5053 page https://www.suse.com/security/cve/CVE-2017-5054/ SUSE CVE CVE-2017-5054 page https://www.suse.com/security/cve/CVE-2017-5055/ SUSE CVE CVE-2017-5055 page https://www.suse.com/security/cve/CVE-2017-5056/ SUSE CVE CVE-2017-5056 page https://www.suse.com/security/cve/CVE-2017-5057/ SUSE CVE CVE-2017-5057 page https://www.suse.com/security/cve/CVE-2017-5058/ SUSE CVE CVE-2017-5058 page https://www.suse.com/security/cve/CVE-2017-5059/ SUSE CVE CVE-2017-5059 page https://www.suse.com/security/cve/CVE-2017-5060/ SUSE CVE CVE-2017-5060 page https://www.suse.com/security/cve/CVE-2017-5061/ SUSE CVE CVE-2017-5061 page https://www.suse.com/security/cve/CVE-2017-5062/ SUSE CVE CVE-2017-5062 page https://www.suse.com/security/cve/CVE-2017-5063/ SUSE CVE CVE-2017-5063 page https://www.suse.com/security/cve/CVE-2017-5064/ SUSE CVE CVE-2017-5064 page https://www.suse.com/security/cve/CVE-2017-5065/ SUSE CVE CVE-2017-5065 page https://www.suse.com/security/cve/CVE-2017-5066/ SUSE CVE CVE-2017-5066 page https://www.suse.com/security/cve/CVE-2017-5067/ SUSE CVE CVE-2017-5067 page https://www.suse.com/security/cve/CVE-2017-5068/ SUSE CVE CVE-2017-5068 page https://www.suse.com/security/cve/CVE-2017-5069/ SUSE CVE CVE-2017-5069 page https://www.suse.com/security/cve/CVE-2017-5070/ SUSE CVE CVE-2017-5070 page https://www.suse.com/security/cve/CVE-2017-5071/ SUSE CVE CVE-2017-5071 page https://www.suse.com/security/cve/CVE-2017-5072/ SUSE CVE CVE-2017-5072 page https://www.suse.com/security/cve/CVE-2017-5073/ SUSE CVE CVE-2017-5073 page https://www.suse.com/security/cve/CVE-2017-5074/ SUSE CVE CVE-2017-5074 page https://www.suse.com/security/cve/CVE-2017-5075/ SUSE CVE CVE-2017-5075 page https://www.suse.com/security/cve/CVE-2017-5076/ SUSE CVE CVE-2017-5076 page https://www.suse.com/security/cve/CVE-2017-5077/ SUSE CVE CVE-2017-5077 page https://www.suse.com/security/cve/CVE-2017-5078/ SUSE CVE CVE-2017-5078 page https://www.suse.com/security/cve/CVE-2017-5079/ SUSE CVE CVE-2017-5079 page https://www.suse.com/security/cve/CVE-2017-5080/ SUSE CVE CVE-2017-5080 page https://www.suse.com/security/cve/CVE-2017-5081/ SUSE CVE CVE-2017-5081 page https://www.suse.com/security/cve/CVE-2017-5082/ SUSE CVE CVE-2017-5082 page https://www.suse.com/security/cve/CVE-2017-5083/ SUSE CVE CVE-2017-5083 page https://www.suse.com/security/cve/CVE-2017-5085/ SUSE CVE CVE-2017-5085 page https://www.suse.com/security/cve/CVE-2017-5086/ SUSE CVE CVE-2017-5086 page https://www.suse.com/security/cve/CVE-2017-5087/ SUSE CVE CVE-2017-5087 page https://www.suse.com/security/cve/CVE-2017-5088/ SUSE CVE CVE-2017-5088 page https://www.suse.com/security/cve/CVE-2017-5089/ SUSE CVE CVE-2017-5089 page https://www.suse.com/security/cve/CVE-2017-5091/ SUSE CVE CVE-2017-5091 page https://www.suse.com/security/cve/CVE-2017-5092/ SUSE CVE CVE-2017-5092 page https://www.suse.com/security/cve/CVE-2017-5093/ SUSE CVE CVE-2017-5093 page https://www.suse.com/security/cve/CVE-2017-5094/ SUSE CVE CVE-2017-5094 page https://www.suse.com/security/cve/CVE-2017-5095/ SUSE CVE CVE-2017-5095 page https://www.suse.com/security/cve/CVE-2017-5096/ SUSE CVE CVE-2017-5096 page https://www.suse.com/security/cve/CVE-2017-5097/ SUSE CVE CVE-2017-5097 page https://www.suse.com/security/cve/CVE-2017-5098/ SUSE CVE CVE-2017-5098 page https://www.suse.com/security/cve/CVE-2017-5099/ SUSE CVE CVE-2017-5099 page https://www.suse.com/security/cve/CVE-2017-5100/ SUSE CVE CVE-2017-5100 page https://www.suse.com/security/cve/CVE-2017-5101/ SUSE CVE CVE-2017-5101 page https://www.suse.com/security/cve/CVE-2017-5102/ SUSE CVE CVE-2017-5102 page https://www.suse.com/security/cve/CVE-2017-5103/ SUSE CVE CVE-2017-5103 page https://www.suse.com/security/cve/CVE-2017-5104/ SUSE CVE CVE-2017-5104 page https://www.suse.com/security/cve/CVE-2017-5105/ SUSE CVE CVE-2017-5105 page https://www.suse.com/security/cve/CVE-2017-5106/ SUSE CVE CVE-2017-5106 page https://www.suse.com/security/cve/CVE-2017-5107/ SUSE CVE CVE-2017-5107 page https://www.suse.com/security/cve/CVE-2017-5108/ SUSE CVE CVE-2017-5108 page https://www.suse.com/security/cve/CVE-2017-5109/ SUSE CVE CVE-2017-5109 page https://www.suse.com/security/cve/CVE-2017-5110/ SUSE CVE CVE-2017-5110 page https://www.suse.com/security/cve/CVE-2017-5111/ SUSE CVE CVE-2017-5111 page https://www.suse.com/security/cve/CVE-2017-5112/ SUSE CVE CVE-2017-5112 page https://www.suse.com/security/cve/CVE-2017-5113/ SUSE CVE CVE-2017-5113 page https://www.suse.com/security/cve/CVE-2017-5114/ SUSE CVE CVE-2017-5114 page https://www.suse.com/security/cve/CVE-2017-5115/ SUSE CVE CVE-2017-5115 page https://www.suse.com/security/cve/CVE-2017-5116/ SUSE CVE CVE-2017-5116 page https://www.suse.com/security/cve/CVE-2017-5117/ SUSE CVE CVE-2017-5117 page https://www.suse.com/security/cve/CVE-2017-5118/ SUSE CVE CVE-2017-5118 page https://www.suse.com/security/cve/CVE-2017-5119/ SUSE CVE CVE-2017-5119 page https://www.suse.com/security/cve/CVE-2017-5120/ SUSE CVE CVE-2017-5120 page https://www.suse.com/security/cve/CVE-2017-5121/ SUSE CVE CVE-2017-5121 page https://www.suse.com/security/cve/CVE-2017-5122/ SUSE CVE CVE-2017-5122 page https://www.suse.com/security/cve/CVE-2017-5124/ SUSE CVE CVE-2017-5124 page https://www.suse.com/security/cve/CVE-2017-5125/ SUSE CVE CVE-2017-5125 page https://www.suse.com/security/cve/CVE-2017-5126/ SUSE CVE CVE-2017-5126 page https://www.suse.com/security/cve/CVE-2017-5127/ SUSE CVE CVE-2017-5127 page https://www.suse.com/security/cve/CVE-2017-5128/ SUSE CVE CVE-2017-5128 page https://www.suse.com/security/cve/CVE-2017-5129/ SUSE CVE CVE-2017-5129 page https://www.suse.com/security/cve/CVE-2017-5130/ SUSE CVE CVE-2017-5130 page https://www.suse.com/security/cve/CVE-2017-5131/ SUSE CVE CVE-2017-5131 page https://www.suse.com/security/cve/CVE-2017-5132/ SUSE CVE CVE-2017-5132 page https://www.suse.com/security/cve/CVE-2017-5133/ SUSE CVE CVE-2017-5133 page https://www.suse.com/security/cve/CVE-2017-7000/ SUSE CVE CVE-2017-7000 page https://www.suse.com/security/cve/CVE-2018-16065/ SUSE CVE CVE-2018-16065 page https://www.suse.com/security/cve/CVE-2018-16066/ SUSE CVE CVE-2018-16066 page https://www.suse.com/security/cve/CVE-2018-16067/ SUSE CVE CVE-2018-16067 page https://www.suse.com/security/cve/CVE-2018-16068/ SUSE CVE CVE-2018-16068 page https://www.suse.com/security/cve/CVE-2018-16069/ SUSE CVE CVE-2018-16069 page https://www.suse.com/security/cve/CVE-2018-16070/ SUSE CVE CVE-2018-16070 page https://www.suse.com/security/cve/CVE-2018-16071/ SUSE CVE CVE-2018-16071 page https://www.suse.com/security/cve/CVE-2018-16073/ SUSE CVE CVE-2018-16073 page https://www.suse.com/security/cve/CVE-2018-16074/ SUSE CVE CVE-2018-16074 page https://www.suse.com/security/cve/CVE-2018-16075/ SUSE CVE CVE-2018-16075 page https://www.suse.com/security/cve/CVE-2018-16076/ SUSE CVE CVE-2018-16076 page https://www.suse.com/security/cve/CVE-2018-16077/ SUSE CVE CVE-2018-16077 page https://www.suse.com/security/cve/CVE-2018-16078/ SUSE CVE CVE-2018-16078 page https://www.suse.com/security/cve/CVE-2018-16079/ SUSE CVE CVE-2018-16079 page https://www.suse.com/security/cve/CVE-2018-16080/ SUSE CVE CVE-2018-16080 page https://www.suse.com/security/cve/CVE-2018-16081/ SUSE CVE CVE-2018-16081 page https://www.suse.com/security/cve/CVE-2018-16082/ SUSE CVE CVE-2018-16082 page https://www.suse.com/security/cve/CVE-2018-16083/ SUSE CVE CVE-2018-16083 page https://www.suse.com/security/cve/CVE-2018-16084/ SUSE CVE CVE-2018-16084 page https://www.suse.com/security/cve/CVE-2018-16085/ SUSE CVE CVE-2018-16085 page https://www.suse.com/security/cve/CVE-2018-16086/ SUSE CVE CVE-2018-16086 page https://www.suse.com/security/cve/CVE-2018-16087/ SUSE CVE CVE-2018-16087 page https://www.suse.com/security/cve/CVE-2018-16088/ SUSE CVE CVE-2018-16088 page https://www.suse.com/security/cve/CVE-2018-17462/ SUSE CVE CVE-2018-17462 page https://www.suse.com/security/cve/CVE-2018-17463/ SUSE CVE CVE-2018-17463 page https://www.suse.com/security/cve/CVE-2018-17464/ SUSE CVE CVE-2018-17464 page https://www.suse.com/security/cve/CVE-2018-17465/ SUSE CVE CVE-2018-17465 page https://www.suse.com/security/cve/CVE-2018-17466/ SUSE CVE CVE-2018-17466 page https://www.suse.com/security/cve/CVE-2018-17467/ SUSE CVE CVE-2018-17467 page https://www.suse.com/security/cve/CVE-2018-17468/ SUSE CVE CVE-2018-17468 page https://www.suse.com/security/cve/CVE-2018-17469/ SUSE CVE CVE-2018-17469 page https://www.suse.com/security/cve/CVE-2018-17470/ SUSE CVE CVE-2018-17470 page https://www.suse.com/security/cve/CVE-2018-17471/ SUSE CVE CVE-2018-17471 page https://www.suse.com/security/cve/CVE-2018-17472/ SUSE CVE CVE-2018-17472 page https://www.suse.com/security/cve/CVE-2018-17473/ SUSE CVE CVE-2018-17473 page https://www.suse.com/security/cve/CVE-2018-17474/ SUSE CVE CVE-2018-17474 page https://www.suse.com/security/cve/CVE-2018-17475/ SUSE CVE CVE-2018-17475 page https://www.suse.com/security/cve/CVE-2018-17476/ SUSE CVE CVE-2018-17476 page https://www.suse.com/security/cve/CVE-2018-17477/ SUSE CVE CVE-2018-17477 page https://www.suse.com/security/cve/CVE-2018-17478/ SUSE CVE CVE-2018-17478 page https://www.suse.com/security/cve/CVE-2018-17479/ SUSE CVE CVE-2018-17479 page https://www.suse.com/security/cve/CVE-2018-17480/ SUSE CVE CVE-2018-17480 page https://www.suse.com/security/cve/CVE-2018-17481/ SUSE CVE CVE-2018-17481 page https://www.suse.com/security/cve/CVE-2018-18335/ SUSE CVE CVE-2018-18335 page https://www.suse.com/security/cve/CVE-2018-18336/ SUSE CVE CVE-2018-18336 page https://www.suse.com/security/cve/CVE-2018-18337/ SUSE CVE CVE-2018-18337 page https://www.suse.com/security/cve/CVE-2018-18338/ SUSE CVE CVE-2018-18338 page https://www.suse.com/security/cve/CVE-2018-18339/ SUSE CVE CVE-2018-18339 page https://www.suse.com/security/cve/CVE-2018-18340/ SUSE CVE CVE-2018-18340 page https://www.suse.com/security/cve/CVE-2018-18341/ SUSE CVE CVE-2018-18341 page https://www.suse.com/security/cve/CVE-2018-18342/ SUSE CVE CVE-2018-18342 page https://www.suse.com/security/cve/CVE-2018-18343/ SUSE CVE CVE-2018-18343 page https://www.suse.com/security/cve/CVE-2018-18344/ SUSE CVE CVE-2018-18344 page https://www.suse.com/security/cve/CVE-2018-18345/ SUSE CVE CVE-2018-18345 page https://www.suse.com/security/cve/CVE-2018-18346/ SUSE CVE CVE-2018-18346 page https://www.suse.com/security/cve/CVE-2018-18347/ SUSE CVE CVE-2018-18347 page https://www.suse.com/security/cve/CVE-2018-18348/ SUSE CVE CVE-2018-18348 page https://www.suse.com/security/cve/CVE-2018-18349/ SUSE CVE CVE-2018-18349 page https://www.suse.com/security/cve/CVE-2018-18350/ SUSE CVE CVE-2018-18350 page https://www.suse.com/security/cve/CVE-2018-18351/ SUSE CVE CVE-2018-18351 page https://www.suse.com/security/cve/CVE-2018-18352/ SUSE CVE CVE-2018-18352 page https://www.suse.com/security/cve/CVE-2018-18353/ SUSE CVE CVE-2018-18353 page https://www.suse.com/security/cve/CVE-2018-18354/ SUSE CVE CVE-2018-18354 page https://www.suse.com/security/cve/CVE-2018-18355/ SUSE CVE CVE-2018-18355 page https://www.suse.com/security/cve/CVE-2018-18356/ SUSE CVE CVE-2018-18356 page https://www.suse.com/security/cve/CVE-2018-18357/ SUSE CVE CVE-2018-18357 page https://www.suse.com/security/cve/CVE-2018-18358/ SUSE CVE CVE-2018-18358 page https://www.suse.com/security/cve/CVE-2018-18359/ SUSE CVE CVE-2018-18359 page https://www.suse.com/security/cve/CVE-2018-20073/ SUSE CVE CVE-2018-20073 page https://www.suse.com/security/cve/CVE-2018-4117/ SUSE CVE CVE-2018-4117 page https://www.suse.com/security/cve/CVE-2018-5179/ SUSE CVE CVE-2018-5179 page https://www.suse.com/security/cve/CVE-2018-6031/ SUSE CVE CVE-2018-6031 page https://www.suse.com/security/cve/CVE-2018-6032/ SUSE CVE CVE-2018-6032 page https://www.suse.com/security/cve/CVE-2018-6033/ SUSE CVE CVE-2018-6033 page https://www.suse.com/security/cve/CVE-2018-6034/ SUSE CVE CVE-2018-6034 page https://www.suse.com/security/cve/CVE-2018-6035/ SUSE CVE CVE-2018-6035 page https://www.suse.com/security/cve/CVE-2018-6036/ SUSE CVE CVE-2018-6036 page https://www.suse.com/security/cve/CVE-2018-6037/ SUSE CVE CVE-2018-6037 page https://www.suse.com/security/cve/CVE-2018-6038/ SUSE CVE CVE-2018-6038 page https://www.suse.com/security/cve/CVE-2018-6039/ SUSE CVE CVE-2018-6039 page https://www.suse.com/security/cve/CVE-2018-6040/ SUSE CVE CVE-2018-6040 page https://www.suse.com/security/cve/CVE-2018-6041/ SUSE CVE CVE-2018-6041 page https://www.suse.com/security/cve/CVE-2018-6042/ SUSE CVE CVE-2018-6042 page https://www.suse.com/security/cve/CVE-2018-6043/ SUSE CVE CVE-2018-6043 page https://www.suse.com/security/cve/CVE-2018-6044/ SUSE CVE CVE-2018-6044 page https://www.suse.com/security/cve/CVE-2018-6045/ SUSE CVE CVE-2018-6045 page https://www.suse.com/security/cve/CVE-2018-6046/ SUSE CVE CVE-2018-6046 page https://www.suse.com/security/cve/CVE-2018-6047/ SUSE CVE CVE-2018-6047 page https://www.suse.com/security/cve/CVE-2018-6048/ SUSE CVE CVE-2018-6048 page https://www.suse.com/security/cve/CVE-2018-6049/ SUSE CVE CVE-2018-6049 page https://www.suse.com/security/cve/CVE-2018-6050/ SUSE CVE CVE-2018-6050 page https://www.suse.com/security/cve/CVE-2018-6051/ SUSE CVE CVE-2018-6051 page https://www.suse.com/security/cve/CVE-2018-6052/ SUSE CVE CVE-2018-6052 page https://www.suse.com/security/cve/CVE-2018-6053/ SUSE CVE CVE-2018-6053 page https://www.suse.com/security/cve/CVE-2018-6054/ SUSE CVE CVE-2018-6054 page https://www.suse.com/security/cve/CVE-2018-6056/ SUSE CVE CVE-2018-6056 page https://www.suse.com/security/cve/CVE-2018-6057/ SUSE CVE CVE-2018-6057 page https://www.suse.com/security/cve/CVE-2018-6060/ SUSE CVE CVE-2018-6060 page https://www.suse.com/security/cve/CVE-2018-6061/ SUSE CVE CVE-2018-6061 page https://www.suse.com/security/cve/CVE-2018-6062/ SUSE CVE CVE-2018-6062 page https://www.suse.com/security/cve/CVE-2018-6063/ SUSE CVE CVE-2018-6063 page https://www.suse.com/security/cve/CVE-2018-6064/ SUSE CVE CVE-2018-6064 page https://www.suse.com/security/cve/CVE-2018-6065/ SUSE CVE CVE-2018-6065 page https://www.suse.com/security/cve/CVE-2018-6066/ SUSE CVE CVE-2018-6066 page https://www.suse.com/security/cve/CVE-2018-6067/ SUSE CVE CVE-2018-6067 page https://www.suse.com/security/cve/CVE-2018-6068/ SUSE CVE CVE-2018-6068 page https://www.suse.com/security/cve/CVE-2018-6069/ SUSE CVE CVE-2018-6069 page https://www.suse.com/security/cve/CVE-2018-6070/ SUSE CVE CVE-2018-6070 page https://www.suse.com/security/cve/CVE-2018-6071/ SUSE CVE CVE-2018-6071 page https://www.suse.com/security/cve/CVE-2018-6072/ SUSE CVE CVE-2018-6072 page https://www.suse.com/security/cve/CVE-2018-6073/ SUSE CVE CVE-2018-6073 page https://www.suse.com/security/cve/CVE-2018-6074/ SUSE CVE CVE-2018-6074 page https://www.suse.com/security/cve/CVE-2018-6075/ SUSE CVE CVE-2018-6075 page https://www.suse.com/security/cve/CVE-2018-6076/ SUSE CVE CVE-2018-6076 page https://www.suse.com/security/cve/CVE-2018-6077/ SUSE CVE CVE-2018-6077 page https://www.suse.com/security/cve/CVE-2018-6078/ SUSE CVE CVE-2018-6078 page https://www.suse.com/security/cve/CVE-2018-6079/ SUSE CVE CVE-2018-6079 page https://www.suse.com/security/cve/CVE-2018-6080/ SUSE CVE CVE-2018-6080 page https://www.suse.com/security/cve/CVE-2018-6081/ SUSE CVE CVE-2018-6081 page https://www.suse.com/security/cve/CVE-2018-6082/ SUSE CVE CVE-2018-6082 page https://www.suse.com/security/cve/CVE-2018-6083/ SUSE CVE CVE-2018-6083 page https://www.suse.com/security/cve/CVE-2018-6085/ SUSE CVE CVE-2018-6085 page https://www.suse.com/security/cve/CVE-2018-6086/ SUSE CVE CVE-2018-6086 page https://www.suse.com/security/cve/CVE-2018-6087/ SUSE CVE CVE-2018-6087 page https://www.suse.com/security/cve/CVE-2018-6088/ SUSE CVE CVE-2018-6088 page https://www.suse.com/security/cve/CVE-2018-6089/ SUSE CVE CVE-2018-6089 page https://www.suse.com/security/cve/CVE-2018-6090/ SUSE CVE CVE-2018-6090 page https://www.suse.com/security/cve/CVE-2018-6091/ SUSE CVE CVE-2018-6091 page https://www.suse.com/security/cve/CVE-2018-6092/ SUSE CVE CVE-2018-6092 page https://www.suse.com/security/cve/CVE-2018-6093/ SUSE CVE CVE-2018-6093 page https://www.suse.com/security/cve/CVE-2018-6094/ SUSE CVE CVE-2018-6094 page https://www.suse.com/security/cve/CVE-2018-6095/ SUSE CVE CVE-2018-6095 page https://www.suse.com/security/cve/CVE-2018-6096/ SUSE CVE CVE-2018-6096 page https://www.suse.com/security/cve/CVE-2018-6097/ SUSE CVE CVE-2018-6097 page https://www.suse.com/security/cve/CVE-2018-6098/ SUSE CVE CVE-2018-6098 page https://www.suse.com/security/cve/CVE-2018-6099/ SUSE CVE CVE-2018-6099 page https://www.suse.com/security/cve/CVE-2018-6100/ SUSE CVE CVE-2018-6100 page https://www.suse.com/security/cve/CVE-2018-6101/ SUSE CVE CVE-2018-6101 page https://www.suse.com/security/cve/CVE-2018-6102/ SUSE CVE CVE-2018-6102 page https://www.suse.com/security/cve/CVE-2018-6103/ SUSE CVE CVE-2018-6103 page https://www.suse.com/security/cve/CVE-2018-6104/ SUSE CVE CVE-2018-6104 page https://www.suse.com/security/cve/CVE-2018-6105/ SUSE CVE CVE-2018-6105 page https://www.suse.com/security/cve/CVE-2018-6106/ SUSE CVE CVE-2018-6106 page https://www.suse.com/security/cve/CVE-2018-6107/ SUSE CVE CVE-2018-6107 page https://www.suse.com/security/cve/CVE-2018-6108/ SUSE CVE CVE-2018-6108 page https://www.suse.com/security/cve/CVE-2018-6109/ SUSE CVE CVE-2018-6109 page https://www.suse.com/security/cve/CVE-2018-6110/ SUSE CVE CVE-2018-6110 page https://www.suse.com/security/cve/CVE-2018-6111/ SUSE CVE CVE-2018-6111 page https://www.suse.com/security/cve/CVE-2018-6112/ SUSE CVE CVE-2018-6112 page https://www.suse.com/security/cve/CVE-2018-6113/ SUSE CVE CVE-2018-6113 page https://www.suse.com/security/cve/CVE-2018-6114/ SUSE CVE CVE-2018-6114 page https://www.suse.com/security/cve/CVE-2018-6115/ SUSE CVE CVE-2018-6115 page https://www.suse.com/security/cve/CVE-2018-6116/ SUSE CVE CVE-2018-6116 page https://www.suse.com/security/cve/CVE-2018-6117/ SUSE CVE CVE-2018-6117 page https://www.suse.com/security/cve/CVE-2018-6118/ SUSE CVE CVE-2018-6118 page https://www.suse.com/security/cve/CVE-2018-6120/ SUSE CVE CVE-2018-6120 page https://www.suse.com/security/cve/CVE-2018-6121/ SUSE CVE CVE-2018-6121 page https://www.suse.com/security/cve/CVE-2018-6122/ SUSE CVE CVE-2018-6122 page https://www.suse.com/security/cve/CVE-2018-6123/ SUSE CVE CVE-2018-6123 page https://www.suse.com/security/cve/CVE-2018-6124/ SUSE CVE CVE-2018-6124 page https://www.suse.com/security/cve/CVE-2018-6125/ SUSE CVE CVE-2018-6125 page https://www.suse.com/security/cve/CVE-2018-6126/ SUSE CVE CVE-2018-6126 page https://www.suse.com/security/cve/CVE-2018-6127/ SUSE CVE CVE-2018-6127 page https://www.suse.com/security/cve/CVE-2018-6128/ SUSE CVE CVE-2018-6128 page https://www.suse.com/security/cve/CVE-2018-6129/ SUSE CVE CVE-2018-6129 page https://www.suse.com/security/cve/CVE-2018-6130/ SUSE CVE CVE-2018-6130 page https://www.suse.com/security/cve/CVE-2018-6131/ SUSE CVE CVE-2018-6131 page https://www.suse.com/security/cve/CVE-2018-6132/ SUSE CVE CVE-2018-6132 page https://www.suse.com/security/cve/CVE-2018-6133/ SUSE CVE CVE-2018-6133 page https://www.suse.com/security/cve/CVE-2018-6134/ SUSE CVE CVE-2018-6134 page https://www.suse.com/security/cve/CVE-2018-6135/ SUSE CVE CVE-2018-6135 page https://www.suse.com/security/cve/CVE-2018-6136/ SUSE CVE CVE-2018-6136 page https://www.suse.com/security/cve/CVE-2018-6137/ SUSE CVE CVE-2018-6137 page https://www.suse.com/security/cve/CVE-2018-6138/ SUSE CVE CVE-2018-6138 page https://www.suse.com/security/cve/CVE-2018-6139/ SUSE CVE CVE-2018-6139 page https://www.suse.com/security/cve/CVE-2018-6140/ SUSE CVE CVE-2018-6140 page https://www.suse.com/security/cve/CVE-2018-6141/ SUSE CVE CVE-2018-6141 page https://www.suse.com/security/cve/CVE-2018-6142/ SUSE CVE CVE-2018-6142 page https://www.suse.com/security/cve/CVE-2018-6143/ SUSE CVE CVE-2018-6143 page https://www.suse.com/security/cve/CVE-2018-6144/ SUSE CVE CVE-2018-6144 page https://www.suse.com/security/cve/CVE-2018-6145/ SUSE CVE CVE-2018-6145 page https://www.suse.com/security/cve/CVE-2018-6147/ SUSE CVE CVE-2018-6147 page https://www.suse.com/security/cve/CVE-2018-6148/ SUSE CVE CVE-2018-6148 page https://www.suse.com/security/cve/CVE-2018-6149/ SUSE CVE CVE-2018-6149 page https://www.suse.com/security/cve/CVE-2018-6153/ SUSE CVE CVE-2018-6153 page https://www.suse.com/security/cve/CVE-2018-6154/ SUSE CVE CVE-2018-6154 page https://www.suse.com/security/cve/CVE-2018-6155/ SUSE CVE CVE-2018-6155 page https://www.suse.com/security/cve/CVE-2018-6156/ SUSE CVE CVE-2018-6156 page https://www.suse.com/security/cve/CVE-2018-6157/ SUSE CVE CVE-2018-6157 page https://www.suse.com/security/cve/CVE-2018-6158/ SUSE CVE CVE-2018-6158 page https://www.suse.com/security/cve/CVE-2018-6159/ SUSE CVE CVE-2018-6159 page https://www.suse.com/security/cve/CVE-2018-6160/ SUSE CVE CVE-2018-6160 page https://www.suse.com/security/cve/CVE-2018-6161/ SUSE CVE CVE-2018-6161 page https://www.suse.com/security/cve/CVE-2018-6162/ SUSE CVE CVE-2018-6162 page https://www.suse.com/security/cve/CVE-2018-6163/ SUSE CVE CVE-2018-6163 page https://www.suse.com/security/cve/CVE-2018-6164/ SUSE CVE CVE-2018-6164 page https://www.suse.com/security/cve/CVE-2018-6165/ SUSE CVE CVE-2018-6165 page https://www.suse.com/security/cve/CVE-2018-6166/ SUSE CVE CVE-2018-6166 page https://www.suse.com/security/cve/CVE-2018-6167/ SUSE CVE CVE-2018-6167 page https://www.suse.com/security/cve/CVE-2018-6168/ SUSE CVE CVE-2018-6168 page https://www.suse.com/security/cve/CVE-2018-6169/ SUSE CVE CVE-2018-6169 page https://www.suse.com/security/cve/CVE-2018-6170/ SUSE CVE CVE-2018-6170 page https://www.suse.com/security/cve/CVE-2018-6171/ SUSE CVE CVE-2018-6171 page https://www.suse.com/security/cve/CVE-2018-6172/ SUSE CVE CVE-2018-6172 page https://www.suse.com/security/cve/CVE-2018-6173/ SUSE CVE CVE-2018-6173 page https://www.suse.com/security/cve/CVE-2018-6174/ SUSE CVE CVE-2018-6174 page https://www.suse.com/security/cve/CVE-2018-6175/ SUSE CVE CVE-2018-6175 page https://www.suse.com/security/cve/CVE-2018-6176/ SUSE CVE CVE-2018-6176 page https://www.suse.com/security/cve/CVE-2018-6177/ SUSE CVE CVE-2018-6177 page https://www.suse.com/security/cve/CVE-2018-6178/ SUSE CVE CVE-2018-6178 page https://www.suse.com/security/cve/CVE-2018-6179/ SUSE CVE CVE-2018-6179 page https://www.suse.com/security/cve/CVE-2018-6406/ SUSE CVE CVE-2018-6406 page https://www.suse.com/security/cve/CVE-2019-13659/ SUSE CVE CVE-2019-13659 page https://www.suse.com/security/cve/CVE-2019-13660/ SUSE CVE CVE-2019-13660 page https://www.suse.com/security/cve/CVE-2019-13661/ SUSE CVE CVE-2019-13661 page https://www.suse.com/security/cve/CVE-2019-13662/ SUSE CVE CVE-2019-13662 page https://www.suse.com/security/cve/CVE-2019-13663/ SUSE CVE CVE-2019-13663 page https://www.suse.com/security/cve/CVE-2019-13664/ SUSE CVE CVE-2019-13664 page https://www.suse.com/security/cve/CVE-2019-13665/ SUSE CVE CVE-2019-13665 page https://www.suse.com/security/cve/CVE-2019-13666/ SUSE CVE CVE-2019-13666 page https://www.suse.com/security/cve/CVE-2019-13667/ SUSE CVE CVE-2019-13667 page https://www.suse.com/security/cve/CVE-2019-13668/ SUSE CVE CVE-2019-13668 page https://www.suse.com/security/cve/CVE-2019-13669/ SUSE CVE CVE-2019-13669 page https://www.suse.com/security/cve/CVE-2019-13670/ SUSE CVE CVE-2019-13670 page https://www.suse.com/security/cve/CVE-2019-13671/ SUSE CVE CVE-2019-13671 page https://www.suse.com/security/cve/CVE-2019-13673/ SUSE CVE CVE-2019-13673 page https://www.suse.com/security/cve/CVE-2019-13674/ SUSE CVE CVE-2019-13674 page https://www.suse.com/security/cve/CVE-2019-13675/ SUSE CVE CVE-2019-13675 page https://www.suse.com/security/cve/CVE-2019-13676/ SUSE CVE CVE-2019-13676 page https://www.suse.com/security/cve/CVE-2019-13677/ SUSE CVE CVE-2019-13677 page https://www.suse.com/security/cve/CVE-2019-13678/ SUSE CVE CVE-2019-13678 page https://www.suse.com/security/cve/CVE-2019-13679/ SUSE CVE CVE-2019-13679 page https://www.suse.com/security/cve/CVE-2019-13680/ SUSE CVE CVE-2019-13680 page https://www.suse.com/security/cve/CVE-2019-13681/ SUSE CVE CVE-2019-13681 page https://www.suse.com/security/cve/CVE-2019-13682/ SUSE CVE CVE-2019-13682 page https://www.suse.com/security/cve/CVE-2019-13683/ SUSE CVE CVE-2019-13683 page https://www.suse.com/security/cve/CVE-2019-13685/ SUSE CVE CVE-2019-13685 page https://www.suse.com/security/cve/CVE-2019-13686/ SUSE CVE CVE-2019-13686 page https://www.suse.com/security/cve/CVE-2019-13687/ SUSE CVE CVE-2019-13687 page https://www.suse.com/security/cve/CVE-2019-13688/ SUSE CVE CVE-2019-13688 page https://www.suse.com/security/cve/CVE-2019-13693/ SUSE CVE CVE-2019-13693 page https://www.suse.com/security/cve/CVE-2019-13694/ SUSE CVE CVE-2019-13694 page https://www.suse.com/security/cve/CVE-2019-13695/ SUSE CVE CVE-2019-13695 page https://www.suse.com/security/cve/CVE-2019-13696/ SUSE CVE CVE-2019-13696 page https://www.suse.com/security/cve/CVE-2019-13697/ SUSE CVE CVE-2019-13697 page https://www.suse.com/security/cve/CVE-2019-13699/ SUSE CVE CVE-2019-13699 page https://www.suse.com/security/cve/CVE-2019-13700/ SUSE CVE CVE-2019-13700 page https://www.suse.com/security/cve/CVE-2019-13701/ SUSE CVE CVE-2019-13701 page https://www.suse.com/security/cve/CVE-2019-13702/ SUSE CVE CVE-2019-13702 page https://www.suse.com/security/cve/CVE-2019-13703/ SUSE CVE CVE-2019-13703 page https://www.suse.com/security/cve/CVE-2019-13704/ SUSE CVE CVE-2019-13704 page https://www.suse.com/security/cve/CVE-2019-13705/ SUSE CVE CVE-2019-13705 page https://www.suse.com/security/cve/CVE-2019-13706/ SUSE CVE CVE-2019-13706 page https://www.suse.com/security/cve/CVE-2019-13707/ SUSE CVE CVE-2019-13707 page https://www.suse.com/security/cve/CVE-2019-13708/ SUSE CVE CVE-2019-13708 page https://www.suse.com/security/cve/CVE-2019-13709/ SUSE CVE CVE-2019-13709 page https://www.suse.com/security/cve/CVE-2019-13710/ SUSE CVE CVE-2019-13710 page https://www.suse.com/security/cve/CVE-2019-13711/ SUSE CVE CVE-2019-13711 page https://www.suse.com/security/cve/CVE-2019-13713/ SUSE CVE CVE-2019-13713 page https://www.suse.com/security/cve/CVE-2019-13714/ SUSE CVE CVE-2019-13714 page https://www.suse.com/security/cve/CVE-2019-13715/ SUSE CVE CVE-2019-13715 page https://www.suse.com/security/cve/CVE-2019-13716/ SUSE CVE CVE-2019-13716 page https://www.suse.com/security/cve/CVE-2019-13717/ SUSE CVE CVE-2019-13717 page https://www.suse.com/security/cve/CVE-2019-13718/ SUSE CVE CVE-2019-13718 page https://www.suse.com/security/cve/CVE-2019-13719/ SUSE CVE CVE-2019-13719 page https://www.suse.com/security/cve/CVE-2019-13720/ SUSE CVE CVE-2019-13720 page https://www.suse.com/security/cve/CVE-2019-13721/ SUSE CVE CVE-2019-13721 page https://www.suse.com/security/cve/CVE-2019-13723/ SUSE CVE CVE-2019-13723 page https://www.suse.com/security/cve/CVE-2019-13724/ SUSE CVE CVE-2019-13724 page https://www.suse.com/security/cve/CVE-2019-13725/ SUSE CVE CVE-2019-13725 page https://www.suse.com/security/cve/CVE-2019-13726/ SUSE CVE CVE-2019-13726 page https://www.suse.com/security/cve/CVE-2019-13727/ SUSE CVE CVE-2019-13727 page https://www.suse.com/security/cve/CVE-2019-13728/ SUSE CVE CVE-2019-13728 page https://www.suse.com/security/cve/CVE-2019-13729/ SUSE CVE CVE-2019-13729 page https://www.suse.com/security/cve/CVE-2019-13730/ SUSE CVE CVE-2019-13730 page https://www.suse.com/security/cve/CVE-2019-13732/ SUSE CVE CVE-2019-13732 page https://www.suse.com/security/cve/CVE-2019-13734/ SUSE CVE CVE-2019-13734 page https://www.suse.com/security/cve/CVE-2019-13735/ SUSE CVE CVE-2019-13735 page https://www.suse.com/security/cve/CVE-2019-13736/ SUSE CVE CVE-2019-13736 page https://www.suse.com/security/cve/CVE-2019-13737/ SUSE CVE CVE-2019-13737 page https://www.suse.com/security/cve/CVE-2019-13738/ SUSE CVE CVE-2019-13738 page https://www.suse.com/security/cve/CVE-2019-13739/ SUSE CVE CVE-2019-13739 page https://www.suse.com/security/cve/CVE-2019-13740/ SUSE CVE CVE-2019-13740 page https://www.suse.com/security/cve/CVE-2019-13741/ SUSE CVE CVE-2019-13741 page https://www.suse.com/security/cve/CVE-2019-13742/ SUSE CVE CVE-2019-13742 page https://www.suse.com/security/cve/CVE-2019-13743/ SUSE CVE CVE-2019-13743 page https://www.suse.com/security/cve/CVE-2019-13744/ SUSE CVE CVE-2019-13744 page https://www.suse.com/security/cve/CVE-2019-13745/ SUSE CVE CVE-2019-13745 page https://www.suse.com/security/cve/CVE-2019-13746/ SUSE CVE CVE-2019-13746 page https://www.suse.com/security/cve/CVE-2019-13747/ SUSE CVE CVE-2019-13747 page https://www.suse.com/security/cve/CVE-2019-13748/ SUSE CVE CVE-2019-13748 page https://www.suse.com/security/cve/CVE-2019-13749/ SUSE CVE CVE-2019-13749 page https://www.suse.com/security/cve/CVE-2019-13750/ SUSE CVE CVE-2019-13750 page https://www.suse.com/security/cve/CVE-2019-13751/ SUSE CVE CVE-2019-13751 page https://www.suse.com/security/cve/CVE-2019-13752/ SUSE CVE CVE-2019-13752 page https://www.suse.com/security/cve/CVE-2019-13753/ SUSE CVE CVE-2019-13753 page https://www.suse.com/security/cve/CVE-2019-13754/ SUSE CVE CVE-2019-13754 page https://www.suse.com/security/cve/CVE-2019-13755/ SUSE CVE CVE-2019-13755 page https://www.suse.com/security/cve/CVE-2019-13756/ SUSE CVE CVE-2019-13756 page https://www.suse.com/security/cve/CVE-2019-13757/ SUSE CVE CVE-2019-13757 page https://www.suse.com/security/cve/CVE-2019-13758/ SUSE CVE CVE-2019-13758 page https://www.suse.com/security/cve/CVE-2019-13759/ SUSE CVE CVE-2019-13759 page https://www.suse.com/security/cve/CVE-2019-13761/ SUSE CVE CVE-2019-13761 page https://www.suse.com/security/cve/CVE-2019-13762/ SUSE CVE CVE-2019-13762 page https://www.suse.com/security/cve/CVE-2019-13763/ SUSE CVE CVE-2019-13763 page https://www.suse.com/security/cve/CVE-2019-13764/ SUSE CVE CVE-2019-13764 page https://www.suse.com/security/cve/CVE-2019-13767/ SUSE CVE CVE-2019-13767 page https://www.suse.com/security/cve/CVE-2019-15903/ SUSE CVE CVE-2019-15903 page https://www.suse.com/security/cve/CVE-2019-18197/ SUSE CVE CVE-2019-18197 page https://www.suse.com/security/cve/CVE-2019-19880/ SUSE CVE CVE-2019-19880 page https://www.suse.com/security/cve/CVE-2019-19923/ SUSE CVE CVE-2019-19923 page https://www.suse.com/security/cve/CVE-2019-19926/ SUSE CVE CVE-2019-19926 page https://www.suse.com/security/cve/CVE-2019-20503/ SUSE CVE CVE-2019-20503 page https://www.suse.com/security/cve/CVE-2019-5754/ SUSE CVE CVE-2019-5754 page https://www.suse.com/security/cve/CVE-2019-5755/ SUSE CVE CVE-2019-5755 page https://www.suse.com/security/cve/CVE-2019-5756/ SUSE CVE CVE-2019-5756 page https://www.suse.com/security/cve/CVE-2019-5757/ SUSE CVE CVE-2019-5757 page https://www.suse.com/security/cve/CVE-2019-5758/ SUSE CVE CVE-2019-5758 page https://www.suse.com/security/cve/CVE-2019-5759/ SUSE CVE CVE-2019-5759 page https://www.suse.com/security/cve/CVE-2019-5760/ SUSE CVE CVE-2019-5760 page https://www.suse.com/security/cve/CVE-2019-5761/ SUSE CVE CVE-2019-5761 page https://www.suse.com/security/cve/CVE-2019-5762/ SUSE CVE CVE-2019-5762 page https://www.suse.com/security/cve/CVE-2019-5763/ SUSE CVE CVE-2019-5763 page https://www.suse.com/security/cve/CVE-2019-5764/ SUSE CVE CVE-2019-5764 page https://www.suse.com/security/cve/CVE-2019-5765/ SUSE CVE CVE-2019-5765 page https://www.suse.com/security/cve/CVE-2019-5766/ SUSE CVE CVE-2019-5766 page https://www.suse.com/security/cve/CVE-2019-5767/ SUSE CVE CVE-2019-5767 page https://www.suse.com/security/cve/CVE-2019-5768/ SUSE CVE CVE-2019-5768 page https://www.suse.com/security/cve/CVE-2019-5769/ SUSE CVE CVE-2019-5769 page https://www.suse.com/security/cve/CVE-2019-5770/ SUSE CVE CVE-2019-5770 page https://www.suse.com/security/cve/CVE-2019-5771/ SUSE CVE CVE-2019-5771 page https://www.suse.com/security/cve/CVE-2019-5772/ SUSE CVE CVE-2019-5772 page https://www.suse.com/security/cve/CVE-2019-5773/ SUSE CVE CVE-2019-5773 page https://www.suse.com/security/cve/CVE-2019-5774/ SUSE CVE CVE-2019-5774 page https://www.suse.com/security/cve/CVE-2019-5775/ SUSE CVE CVE-2019-5775 page https://www.suse.com/security/cve/CVE-2019-5776/ SUSE CVE CVE-2019-5776 page https://www.suse.com/security/cve/CVE-2019-5777/ SUSE CVE CVE-2019-5777 page https://www.suse.com/security/cve/CVE-2019-5778/ SUSE CVE CVE-2019-5778 page https://www.suse.com/security/cve/CVE-2019-5779/ SUSE CVE CVE-2019-5779 page https://www.suse.com/security/cve/CVE-2019-5780/ SUSE CVE CVE-2019-5780 page https://www.suse.com/security/cve/CVE-2019-5781/ SUSE CVE CVE-2019-5781 page https://www.suse.com/security/cve/CVE-2019-5782/ SUSE CVE CVE-2019-5782 page https://www.suse.com/security/cve/CVE-2019-5784/ SUSE CVE CVE-2019-5784 page https://www.suse.com/security/cve/CVE-2019-5786/ SUSE CVE CVE-2019-5786 page https://www.suse.com/security/cve/CVE-2019-5787/ SUSE CVE CVE-2019-5787 page https://www.suse.com/security/cve/CVE-2019-5788/ SUSE CVE CVE-2019-5788 page https://www.suse.com/security/cve/CVE-2019-5789/ SUSE CVE CVE-2019-5789 page https://www.suse.com/security/cve/CVE-2019-5790/ SUSE CVE CVE-2019-5790 page https://www.suse.com/security/cve/CVE-2019-5791/ SUSE CVE CVE-2019-5791 page https://www.suse.com/security/cve/CVE-2019-5792/ SUSE CVE CVE-2019-5792 page https://www.suse.com/security/cve/CVE-2019-5793/ SUSE CVE CVE-2019-5793 page https://www.suse.com/security/cve/CVE-2019-5794/ SUSE CVE CVE-2019-5794 page https://www.suse.com/security/cve/CVE-2019-5795/ SUSE CVE CVE-2019-5795 page https://www.suse.com/security/cve/CVE-2019-5796/ SUSE CVE CVE-2019-5796 page https://www.suse.com/security/cve/CVE-2019-5797/ SUSE CVE CVE-2019-5797 page https://www.suse.com/security/cve/CVE-2019-5798/ SUSE CVE CVE-2019-5798 page https://www.suse.com/security/cve/CVE-2019-5799/ SUSE CVE CVE-2019-5799 page https://www.suse.com/security/cve/CVE-2019-5800/ SUSE CVE CVE-2019-5800 page https://www.suse.com/security/cve/CVE-2019-5801/ SUSE CVE CVE-2019-5801 page https://www.suse.com/security/cve/CVE-2019-5802/ SUSE CVE CVE-2019-5802 page https://www.suse.com/security/cve/CVE-2019-5803/ SUSE CVE CVE-2019-5803 page https://www.suse.com/security/cve/CVE-2019-5804/ SUSE CVE CVE-2019-5804 page https://www.suse.com/security/cve/CVE-2019-5805/ SUSE CVE CVE-2019-5805 page https://www.suse.com/security/cve/CVE-2019-5806/ SUSE CVE CVE-2019-5806 page https://www.suse.com/security/cve/CVE-2019-5807/ SUSE CVE CVE-2019-5807 page https://www.suse.com/security/cve/CVE-2019-5808/ SUSE CVE CVE-2019-5808 page https://www.suse.com/security/cve/CVE-2019-5809/ SUSE CVE CVE-2019-5809 page https://www.suse.com/security/cve/CVE-2019-5810/ SUSE CVE CVE-2019-5810 page https://www.suse.com/security/cve/CVE-2019-5811/ SUSE CVE CVE-2019-5811 page https://www.suse.com/security/cve/CVE-2019-5812/ SUSE CVE CVE-2019-5812 page https://www.suse.com/security/cve/CVE-2019-5813/ SUSE CVE CVE-2019-5813 page https://www.suse.com/security/cve/CVE-2019-5814/ SUSE CVE CVE-2019-5814 page https://www.suse.com/security/cve/CVE-2019-5815/ SUSE CVE CVE-2019-5815 page https://www.suse.com/security/cve/CVE-2019-5816/ SUSE CVE CVE-2019-5816 page https://www.suse.com/security/cve/CVE-2019-5817/ SUSE CVE CVE-2019-5817 page https://www.suse.com/security/cve/CVE-2019-5818/ SUSE CVE CVE-2019-5818 page https://www.suse.com/security/cve/CVE-2019-5819/ SUSE CVE CVE-2019-5819 page https://www.suse.com/security/cve/CVE-2019-5820/ SUSE CVE CVE-2019-5820 page https://www.suse.com/security/cve/CVE-2019-5821/ SUSE CVE CVE-2019-5821 page https://www.suse.com/security/cve/CVE-2019-5822/ SUSE CVE CVE-2019-5822 page https://www.suse.com/security/cve/CVE-2019-5823/ SUSE CVE CVE-2019-5823 page https://www.suse.com/security/cve/CVE-2019-5824/ SUSE CVE CVE-2019-5824 page https://www.suse.com/security/cve/CVE-2019-5827/ SUSE CVE CVE-2019-5827 page https://www.suse.com/security/cve/CVE-2019-5828/ SUSE CVE CVE-2019-5828 page https://www.suse.com/security/cve/CVE-2019-5829/ SUSE CVE CVE-2019-5829 page https://www.suse.com/security/cve/CVE-2019-5830/ SUSE CVE CVE-2019-5830 page https://www.suse.com/security/cve/CVE-2019-5831/ SUSE CVE CVE-2019-5831 page https://www.suse.com/security/cve/CVE-2019-5832/ SUSE CVE CVE-2019-5832 page https://www.suse.com/security/cve/CVE-2019-5833/ SUSE CVE CVE-2019-5833 page https://www.suse.com/security/cve/CVE-2019-5834/ SUSE CVE CVE-2019-5834 page https://www.suse.com/security/cve/CVE-2019-5835/ SUSE CVE CVE-2019-5835 page https://www.suse.com/security/cve/CVE-2019-5836/ SUSE CVE CVE-2019-5836 page https://www.suse.com/security/cve/CVE-2019-5837/ SUSE CVE CVE-2019-5837 page https://www.suse.com/security/cve/CVE-2019-5838/ SUSE CVE CVE-2019-5838 page https://www.suse.com/security/cve/CVE-2019-5839/ SUSE CVE CVE-2019-5839 page https://www.suse.com/security/cve/CVE-2019-5840/ SUSE CVE CVE-2019-5840 page https://www.suse.com/security/cve/CVE-2019-5842/ SUSE CVE CVE-2019-5842 page https://www.suse.com/security/cve/CVE-2019-5844/ SUSE CVE CVE-2019-5844 page https://www.suse.com/security/cve/CVE-2019-5847/ SUSE CVE CVE-2019-5847 page https://www.suse.com/security/cve/CVE-2019-5848/ SUSE CVE CVE-2019-5848 page https://www.suse.com/security/cve/CVE-2019-5850/ SUSE CVE CVE-2019-5850 page https://www.suse.com/security/cve/CVE-2019-5851/ SUSE CVE CVE-2019-5851 page https://www.suse.com/security/cve/CVE-2019-5852/ SUSE CVE CVE-2019-5852 page https://www.suse.com/security/cve/CVE-2019-5853/ SUSE CVE CVE-2019-5853 page https://www.suse.com/security/cve/CVE-2019-5854/ SUSE CVE CVE-2019-5854 page https://www.suse.com/security/cve/CVE-2019-5855/ SUSE CVE CVE-2019-5855 page https://www.suse.com/security/cve/CVE-2019-5856/ SUSE CVE CVE-2019-5856 page https://www.suse.com/security/cve/CVE-2019-5857/ SUSE CVE CVE-2019-5857 page https://www.suse.com/security/cve/CVE-2019-5858/ SUSE CVE CVE-2019-5858 page https://www.suse.com/security/cve/CVE-2019-5859/ SUSE CVE CVE-2019-5859 page https://www.suse.com/security/cve/CVE-2019-5860/ SUSE CVE CVE-2019-5860 page https://www.suse.com/security/cve/CVE-2019-5861/ SUSE CVE CVE-2019-5861 page https://www.suse.com/security/cve/CVE-2019-5862/ SUSE CVE CVE-2019-5862 page https://www.suse.com/security/cve/CVE-2019-5863/ SUSE CVE CVE-2019-5863 page https://www.suse.com/security/cve/CVE-2019-5864/ SUSE CVE CVE-2019-5864 page https://www.suse.com/security/cve/CVE-2019-5865/ SUSE CVE CVE-2019-5865 page https://www.suse.com/security/cve/CVE-2019-5867/ SUSE CVE CVE-2019-5867 page https://www.suse.com/security/cve/CVE-2019-5868/ SUSE CVE CVE-2019-5868 page https://www.suse.com/security/cve/CVE-2019-5869/ SUSE CVE CVE-2019-5869 page https://www.suse.com/security/cve/CVE-2019-5870/ SUSE CVE CVE-2019-5870 page https://www.suse.com/security/cve/CVE-2019-5871/ SUSE CVE CVE-2019-5871 page https://www.suse.com/security/cve/CVE-2019-5872/ SUSE CVE CVE-2019-5872 page https://www.suse.com/security/cve/CVE-2019-5874/ SUSE CVE CVE-2019-5874 page https://www.suse.com/security/cve/CVE-2019-5875/ SUSE CVE CVE-2019-5875 page https://www.suse.com/security/cve/CVE-2019-5876/ SUSE CVE CVE-2019-5876 page https://www.suse.com/security/cve/CVE-2019-5877/ SUSE CVE CVE-2019-5877 page https://www.suse.com/security/cve/CVE-2019-5878/ SUSE CVE CVE-2019-5878 page https://www.suse.com/security/cve/CVE-2019-5879/ SUSE CVE CVE-2019-5879 page https://www.suse.com/security/cve/CVE-2019-5880/ SUSE CVE CVE-2019-5880 page https://www.suse.com/security/cve/CVE-2019-5881/ SUSE CVE CVE-2019-5881 page https://www.suse.com/security/cve/CVE-2019-8075/ SUSE CVE CVE-2019-8075 page https://www.suse.com/security/cve/CVE-2020-0561/ SUSE CVE CVE-2020-0561 page https://www.suse.com/security/cve/CVE-2020-15959/ SUSE CVE CVE-2020-15959 page https://www.suse.com/security/cve/CVE-2020-15960/ SUSE CVE CVE-2020-15960 page https://www.suse.com/security/cve/CVE-2020-15961/ SUSE CVE CVE-2020-15961 page https://www.suse.com/security/cve/CVE-2020-15962/ SUSE CVE CVE-2020-15962 page https://www.suse.com/security/cve/CVE-2020-15963/ SUSE CVE CVE-2020-15963 page https://www.suse.com/security/cve/CVE-2020-15964/ SUSE CVE CVE-2020-15964 page https://www.suse.com/security/cve/CVE-2020-15965/ SUSE CVE CVE-2020-15965 page https://www.suse.com/security/cve/CVE-2020-15966/ SUSE CVE CVE-2020-15966 page https://www.suse.com/security/cve/CVE-2020-15967/ SUSE CVE CVE-2020-15967 page https://www.suse.com/security/cve/CVE-2020-15968/ SUSE CVE CVE-2020-15968 page https://www.suse.com/security/cve/CVE-2020-15969/ SUSE CVE CVE-2020-15969 page https://www.suse.com/security/cve/CVE-2020-15970/ SUSE CVE CVE-2020-15970 page https://www.suse.com/security/cve/CVE-2020-15971/ SUSE CVE CVE-2020-15971 page https://www.suse.com/security/cve/CVE-2020-15972/ SUSE CVE CVE-2020-15972 page https://www.suse.com/security/cve/CVE-2020-15973/ SUSE CVE CVE-2020-15973 page https://www.suse.com/security/cve/CVE-2020-15974/ SUSE CVE CVE-2020-15974 page https://www.suse.com/security/cve/CVE-2020-15975/ SUSE CVE CVE-2020-15975 page https://www.suse.com/security/cve/CVE-2020-15976/ SUSE CVE CVE-2020-15976 page https://www.suse.com/security/cve/CVE-2020-15977/ SUSE CVE CVE-2020-15977 page https://www.suse.com/security/cve/CVE-2020-15978/ SUSE CVE CVE-2020-15978 page https://www.suse.com/security/cve/CVE-2020-15979/ SUSE CVE CVE-2020-15979 page https://www.suse.com/security/cve/CVE-2020-15980/ SUSE CVE CVE-2020-15980 page https://www.suse.com/security/cve/CVE-2020-15981/ SUSE CVE CVE-2020-15981 page https://www.suse.com/security/cve/CVE-2020-15982/ SUSE CVE CVE-2020-15982 page https://www.suse.com/security/cve/CVE-2020-15983/ SUSE CVE CVE-2020-15983 page https://www.suse.com/security/cve/CVE-2020-15984/ SUSE CVE CVE-2020-15984 page https://www.suse.com/security/cve/CVE-2020-15985/ SUSE CVE CVE-2020-15985 page https://www.suse.com/security/cve/CVE-2020-15986/ SUSE CVE CVE-2020-15986 page https://www.suse.com/security/cve/CVE-2020-15987/ SUSE CVE CVE-2020-15987 page https://www.suse.com/security/cve/CVE-2020-15988/ SUSE CVE CVE-2020-15988 page https://www.suse.com/security/cve/CVE-2020-15989/ SUSE CVE CVE-2020-15989 page https://www.suse.com/security/cve/CVE-2020-15990/ SUSE CVE CVE-2020-15990 page https://www.suse.com/security/cve/CVE-2020-15991/ SUSE CVE CVE-2020-15991 page https://www.suse.com/security/cve/CVE-2020-15992/ SUSE CVE CVE-2020-15992 page https://www.suse.com/security/cve/CVE-2020-15995/ SUSE CVE CVE-2020-15995 page https://www.suse.com/security/cve/CVE-2020-15999/ SUSE CVE CVE-2020-15999 page https://www.suse.com/security/cve/CVE-2020-16000/ SUSE CVE CVE-2020-16000 page https://www.suse.com/security/cve/CVE-2020-16001/ SUSE CVE CVE-2020-16001 page https://www.suse.com/security/cve/CVE-2020-16002/ SUSE CVE CVE-2020-16002 page https://www.suse.com/security/cve/CVE-2020-16003/ SUSE CVE CVE-2020-16003 page https://www.suse.com/security/cve/CVE-2020-16004/ SUSE CVE CVE-2020-16004 page https://www.suse.com/security/cve/CVE-2020-16005/ SUSE CVE CVE-2020-16005 page https://www.suse.com/security/cve/CVE-2020-16006/ SUSE CVE CVE-2020-16006 page https://www.suse.com/security/cve/CVE-2020-16007/ SUSE CVE CVE-2020-16007 page https://www.suse.com/security/cve/CVE-2020-16008/ SUSE CVE CVE-2020-16008 page https://www.suse.com/security/cve/CVE-2020-16009/ SUSE CVE CVE-2020-16009 page https://www.suse.com/security/cve/CVE-2020-16011/ SUSE CVE CVE-2020-16011 page https://www.suse.com/security/cve/CVE-2020-16012/ SUSE CVE CVE-2020-16012 page https://www.suse.com/security/cve/CVE-2020-16013/ SUSE CVE CVE-2020-16013 page https://www.suse.com/security/cve/CVE-2020-16014/ SUSE CVE CVE-2020-16014 page https://www.suse.com/security/cve/CVE-2020-16015/ SUSE CVE CVE-2020-16015 page https://www.suse.com/security/cve/CVE-2020-16016/ SUSE CVE CVE-2020-16016 page https://www.suse.com/security/cve/CVE-2020-16017/ SUSE CVE CVE-2020-16017 page https://www.suse.com/security/cve/CVE-2020-16018/ SUSE CVE CVE-2020-16018 page https://www.suse.com/security/cve/CVE-2020-16019/ SUSE CVE CVE-2020-16019 page https://www.suse.com/security/cve/CVE-2020-16020/ SUSE CVE CVE-2020-16020 page https://www.suse.com/security/cve/CVE-2020-16021/ SUSE CVE CVE-2020-16021 page https://www.suse.com/security/cve/CVE-2020-16022/ SUSE CVE CVE-2020-16022 page https://www.suse.com/security/cve/CVE-2020-16023/ SUSE CVE CVE-2020-16023 page https://www.suse.com/security/cve/CVE-2020-16024/ SUSE CVE CVE-2020-16024 page https://www.suse.com/security/cve/CVE-2020-16025/ SUSE CVE CVE-2020-16025 page https://www.suse.com/security/cve/CVE-2020-16026/ SUSE CVE CVE-2020-16026 page https://www.suse.com/security/cve/CVE-2020-16027/ SUSE CVE CVE-2020-16027 page https://www.suse.com/security/cve/CVE-2020-16028/ SUSE CVE CVE-2020-16028 page https://www.suse.com/security/cve/CVE-2020-16029/ SUSE CVE CVE-2020-16029 page https://www.suse.com/security/cve/CVE-2020-16030/ SUSE CVE CVE-2020-16030 page https://www.suse.com/security/cve/CVE-2020-16031/ SUSE CVE CVE-2020-16031 page https://www.suse.com/security/cve/CVE-2020-16032/ SUSE CVE CVE-2020-16032 page https://www.suse.com/security/cve/CVE-2020-16033/ SUSE CVE CVE-2020-16033 page https://www.suse.com/security/cve/CVE-2020-16034/ SUSE CVE CVE-2020-16034 page https://www.suse.com/security/cve/CVE-2020-16035/ SUSE CVE CVE-2020-16035 page https://www.suse.com/security/cve/CVE-2020-16036/ SUSE CVE CVE-2020-16036 page https://www.suse.com/security/cve/CVE-2020-16037/ SUSE CVE CVE-2020-16037 page https://www.suse.com/security/cve/CVE-2020-16038/ SUSE CVE CVE-2020-16038 page https://www.suse.com/security/cve/CVE-2020-16039/ SUSE CVE CVE-2020-16039 page https://www.suse.com/security/cve/CVE-2020-16040/ SUSE CVE CVE-2020-16040 page https://www.suse.com/security/cve/CVE-2020-16041/ SUSE CVE CVE-2020-16041 page https://www.suse.com/security/cve/CVE-2020-16042/ SUSE CVE CVE-2020-16042 page https://www.suse.com/security/cve/CVE-2020-16043/ SUSE CVE CVE-2020-16043 page https://www.suse.com/security/cve/CVE-2020-16044/ SUSE CVE CVE-2020-16044 page https://www.suse.com/security/cve/CVE-2020-27844/ SUSE CVE CVE-2020-27844 page https://www.suse.com/security/cve/CVE-2020-6377/ SUSE CVE CVE-2020-6377 page https://www.suse.com/security/cve/CVE-2020-6378/ SUSE CVE CVE-2020-6378 page https://www.suse.com/security/cve/CVE-2020-6379/ SUSE CVE CVE-2020-6379 page https://www.suse.com/security/cve/CVE-2020-6380/ SUSE CVE CVE-2020-6380 page https://www.suse.com/security/cve/CVE-2020-6381/ SUSE CVE CVE-2020-6381 page https://www.suse.com/security/cve/CVE-2020-6382/ SUSE CVE CVE-2020-6382 page https://www.suse.com/security/cve/CVE-2020-6385/ SUSE CVE CVE-2020-6385 page https://www.suse.com/security/cve/CVE-2020-6387/ SUSE CVE CVE-2020-6387 page https://www.suse.com/security/cve/CVE-2020-6388/ SUSE CVE CVE-2020-6388 page https://www.suse.com/security/cve/CVE-2020-6389/ SUSE CVE CVE-2020-6389 page https://www.suse.com/security/cve/CVE-2020-6390/ SUSE CVE CVE-2020-6390 page https://www.suse.com/security/cve/CVE-2020-6391/ SUSE CVE CVE-2020-6391 page https://www.suse.com/security/cve/CVE-2020-6392/ SUSE CVE CVE-2020-6392 page https://www.suse.com/security/cve/CVE-2020-6393/ SUSE CVE CVE-2020-6393 page https://www.suse.com/security/cve/CVE-2020-6394/ SUSE CVE CVE-2020-6394 page https://www.suse.com/security/cve/CVE-2020-6395/ SUSE CVE CVE-2020-6395 page https://www.suse.com/security/cve/CVE-2020-6396/ SUSE CVE CVE-2020-6396 page https://www.suse.com/security/cve/CVE-2020-6397/ SUSE CVE CVE-2020-6397 page https://www.suse.com/security/cve/CVE-2020-6398/ SUSE CVE CVE-2020-6398 page https://www.suse.com/security/cve/CVE-2020-6399/ SUSE CVE CVE-2020-6399 page https://www.suse.com/security/cve/CVE-2020-6400/ SUSE CVE CVE-2020-6400 page https://www.suse.com/security/cve/CVE-2020-6401/ SUSE CVE CVE-2020-6401 page https://www.suse.com/security/cve/CVE-2020-6402/ SUSE CVE CVE-2020-6402 page https://www.suse.com/security/cve/CVE-2020-6403/ SUSE CVE CVE-2020-6403 page https://www.suse.com/security/cve/CVE-2020-6404/ SUSE CVE CVE-2020-6404 page https://www.suse.com/security/cve/CVE-2020-6405/ SUSE CVE CVE-2020-6405 page https://www.suse.com/security/cve/CVE-2020-6406/ SUSE CVE CVE-2020-6406 page https://www.suse.com/security/cve/CVE-2020-6407/ SUSE CVE CVE-2020-6407 page https://www.suse.com/security/cve/CVE-2020-6408/ SUSE CVE CVE-2020-6408 page https://www.suse.com/security/cve/CVE-2020-6409/ SUSE CVE CVE-2020-6409 page https://www.suse.com/security/cve/CVE-2020-6410/ SUSE CVE CVE-2020-6410 page https://www.suse.com/security/cve/CVE-2020-6411/ SUSE CVE CVE-2020-6411 page https://www.suse.com/security/cve/CVE-2020-6412/ SUSE CVE CVE-2020-6412 page https://www.suse.com/security/cve/CVE-2020-6413/ SUSE CVE CVE-2020-6413 page https://www.suse.com/security/cve/CVE-2020-6414/ SUSE CVE CVE-2020-6414 page https://www.suse.com/security/cve/CVE-2020-6415/ SUSE CVE CVE-2020-6415 page https://www.suse.com/security/cve/CVE-2020-6416/ SUSE CVE CVE-2020-6416 page https://www.suse.com/security/cve/CVE-2020-6417/ SUSE CVE CVE-2020-6417 page https://www.suse.com/security/cve/CVE-2020-6418/ SUSE CVE CVE-2020-6418 page https://www.suse.com/security/cve/CVE-2020-6420/ SUSE CVE CVE-2020-6420 page https://www.suse.com/security/cve/CVE-2020-6422/ SUSE CVE CVE-2020-6422 page https://www.suse.com/security/cve/CVE-2020-6423/ SUSE CVE CVE-2020-6423 page https://www.suse.com/security/cve/CVE-2020-6424/ SUSE CVE CVE-2020-6424 page https://www.suse.com/security/cve/CVE-2020-6425/ SUSE CVE CVE-2020-6425 page https://www.suse.com/security/cve/CVE-2020-6426/ SUSE CVE CVE-2020-6426 page https://www.suse.com/security/cve/CVE-2020-6427/ SUSE CVE CVE-2020-6427 page https://www.suse.com/security/cve/CVE-2020-6428/ SUSE CVE CVE-2020-6428 page https://www.suse.com/security/cve/CVE-2020-6429/ SUSE CVE CVE-2020-6429 page https://www.suse.com/security/cve/CVE-2020-6430/ SUSE CVE CVE-2020-6430 page https://www.suse.com/security/cve/CVE-2020-6431/ SUSE CVE CVE-2020-6431 page https://www.suse.com/security/cve/CVE-2020-6432/ SUSE CVE CVE-2020-6432 page https://www.suse.com/security/cve/CVE-2020-6433/ SUSE CVE CVE-2020-6433 page https://www.suse.com/security/cve/CVE-2020-6434/ SUSE CVE CVE-2020-6434 page https://www.suse.com/security/cve/CVE-2020-6435/ SUSE CVE CVE-2020-6435 page https://www.suse.com/security/cve/CVE-2020-6436/ SUSE CVE CVE-2020-6436 page https://www.suse.com/security/cve/CVE-2020-6437/ SUSE CVE CVE-2020-6437 page https://www.suse.com/security/cve/CVE-2020-6438/ SUSE CVE CVE-2020-6438 page https://www.suse.com/security/cve/CVE-2020-6439/ SUSE CVE CVE-2020-6439 page https://www.suse.com/security/cve/CVE-2020-6440/ SUSE CVE CVE-2020-6440 page https://www.suse.com/security/cve/CVE-2020-6441/ SUSE CVE CVE-2020-6441 page https://www.suse.com/security/cve/CVE-2020-6442/ SUSE CVE CVE-2020-6442 page https://www.suse.com/security/cve/CVE-2020-6443/ SUSE CVE CVE-2020-6443 page https://www.suse.com/security/cve/CVE-2020-6444/ SUSE CVE CVE-2020-6444 page https://www.suse.com/security/cve/CVE-2020-6445/ SUSE CVE CVE-2020-6445 page https://www.suse.com/security/cve/CVE-2020-6446/ SUSE CVE CVE-2020-6446 page https://www.suse.com/security/cve/CVE-2020-6447/ SUSE CVE CVE-2020-6447 page https://www.suse.com/security/cve/CVE-2020-6448/ SUSE CVE CVE-2020-6448 page https://www.suse.com/security/cve/CVE-2020-6449/ SUSE CVE CVE-2020-6449 page https://www.suse.com/security/cve/CVE-2020-6450/ SUSE CVE CVE-2020-6450 page https://www.suse.com/security/cve/CVE-2020-6451/ SUSE CVE CVE-2020-6451 page https://www.suse.com/security/cve/CVE-2020-6452/ SUSE CVE CVE-2020-6452 page https://www.suse.com/security/cve/CVE-2020-6454/ SUSE CVE CVE-2020-6454 page https://www.suse.com/security/cve/CVE-2020-6455/ SUSE CVE CVE-2020-6455 page https://www.suse.com/security/cve/CVE-2020-6456/ SUSE CVE CVE-2020-6456 page https://www.suse.com/security/cve/CVE-2020-6457/ SUSE CVE CVE-2020-6457 page https://www.suse.com/security/cve/CVE-2020-6458/ SUSE CVE CVE-2020-6458 page https://www.suse.com/security/cve/CVE-2020-6459/ SUSE CVE CVE-2020-6459 page https://www.suse.com/security/cve/CVE-2020-6460/ SUSE CVE CVE-2020-6460 page https://www.suse.com/security/cve/CVE-2020-6462/ SUSE CVE CVE-2020-6462 page https://www.suse.com/security/cve/CVE-2020-6463/ SUSE CVE CVE-2020-6463 page https://www.suse.com/security/cve/CVE-2020-6464/ SUSE CVE CVE-2020-6464 page https://www.suse.com/security/cve/CVE-2020-6465/ SUSE CVE CVE-2020-6465 page https://www.suse.com/security/cve/CVE-2020-6466/ SUSE CVE CVE-2020-6466 page https://www.suse.com/security/cve/CVE-2020-6467/ SUSE CVE CVE-2020-6467 page https://www.suse.com/security/cve/CVE-2020-6468/ SUSE CVE CVE-2020-6468 page https://www.suse.com/security/cve/CVE-2020-6469/ SUSE CVE CVE-2020-6469 page https://www.suse.com/security/cve/CVE-2020-6470/ SUSE CVE CVE-2020-6470 page https://www.suse.com/security/cve/CVE-2020-6471/ SUSE CVE CVE-2020-6471 page https://www.suse.com/security/cve/CVE-2020-6472/ SUSE CVE CVE-2020-6472 page https://www.suse.com/security/cve/CVE-2020-6473/ SUSE CVE CVE-2020-6473 page https://www.suse.com/security/cve/CVE-2020-6474/ SUSE CVE CVE-2020-6474 page https://www.suse.com/security/cve/CVE-2020-6475/ SUSE CVE CVE-2020-6475 page https://www.suse.com/security/cve/CVE-2020-6476/ SUSE CVE CVE-2020-6476 page https://www.suse.com/security/cve/CVE-2020-6477/ SUSE CVE CVE-2020-6477 page https://www.suse.com/security/cve/CVE-2020-6478/ SUSE CVE CVE-2020-6478 page https://www.suse.com/security/cve/CVE-2020-6479/ SUSE CVE CVE-2020-6479 page https://www.suse.com/security/cve/CVE-2020-6480/ SUSE CVE CVE-2020-6480 page https://www.suse.com/security/cve/CVE-2020-6481/ SUSE CVE CVE-2020-6481 page https://www.suse.com/security/cve/CVE-2020-6482/ SUSE CVE CVE-2020-6482 page https://www.suse.com/security/cve/CVE-2020-6483/ SUSE CVE CVE-2020-6483 page https://www.suse.com/security/cve/CVE-2020-6484/ SUSE CVE CVE-2020-6484 page https://www.suse.com/security/cve/CVE-2020-6485/ SUSE CVE CVE-2020-6485 page https://www.suse.com/security/cve/CVE-2020-6486/ SUSE CVE CVE-2020-6486 page https://www.suse.com/security/cve/CVE-2020-6487/ SUSE CVE CVE-2020-6487 page https://www.suse.com/security/cve/CVE-2020-6488/ SUSE CVE CVE-2020-6488 page https://www.suse.com/security/cve/CVE-2020-6489/ SUSE CVE CVE-2020-6489 page https://www.suse.com/security/cve/CVE-2020-6490/ SUSE CVE CVE-2020-6490 page https://www.suse.com/security/cve/CVE-2020-6491/ SUSE CVE CVE-2020-6491 page https://www.suse.com/security/cve/CVE-2020-6493/ SUSE CVE CVE-2020-6493 page https://www.suse.com/security/cve/CVE-2020-6494/ SUSE CVE CVE-2020-6494 page https://www.suse.com/security/cve/CVE-2020-6495/ SUSE CVE CVE-2020-6495 page https://www.suse.com/security/cve/CVE-2020-6496/ SUSE CVE CVE-2020-6496 page https://www.suse.com/security/cve/CVE-2020-6505/ SUSE CVE CVE-2020-6505 page https://www.suse.com/security/cve/CVE-2020-6506/ SUSE CVE CVE-2020-6506 page https://www.suse.com/security/cve/CVE-2020-6507/ SUSE CVE CVE-2020-6507 page https://www.suse.com/security/cve/CVE-2020-6509/ SUSE CVE CVE-2020-6509 page https://www.suse.com/security/cve/CVE-2020-6510/ SUSE CVE CVE-2020-6510 page https://www.suse.com/security/cve/CVE-2020-6511/ SUSE CVE CVE-2020-6511 page https://www.suse.com/security/cve/CVE-2020-6512/ SUSE CVE CVE-2020-6512 page https://www.suse.com/security/cve/CVE-2020-6513/ SUSE CVE CVE-2020-6513 page https://www.suse.com/security/cve/CVE-2020-6514/ SUSE CVE CVE-2020-6514 page https://www.suse.com/security/cve/CVE-2020-6515/ SUSE CVE CVE-2020-6515 page https://www.suse.com/security/cve/CVE-2020-6516/ SUSE CVE CVE-2020-6516 page https://www.suse.com/security/cve/CVE-2020-6517/ SUSE CVE CVE-2020-6517 page https://www.suse.com/security/cve/CVE-2020-6518/ SUSE CVE CVE-2020-6518 page https://www.suse.com/security/cve/CVE-2020-6519/ SUSE CVE CVE-2020-6519 page https://www.suse.com/security/cve/CVE-2020-6520/ SUSE CVE CVE-2020-6520 page https://www.suse.com/security/cve/CVE-2020-6521/ SUSE CVE CVE-2020-6521 page https://www.suse.com/security/cve/CVE-2020-6522/ SUSE CVE CVE-2020-6522 page https://www.suse.com/security/cve/CVE-2020-6523/ SUSE CVE CVE-2020-6523 page https://www.suse.com/security/cve/CVE-2020-6524/ SUSE CVE CVE-2020-6524 page https://www.suse.com/security/cve/CVE-2020-6525/ SUSE CVE CVE-2020-6525 page https://www.suse.com/security/cve/CVE-2020-6526/ SUSE CVE CVE-2020-6526 page https://www.suse.com/security/cve/CVE-2020-6527/ SUSE CVE CVE-2020-6527 page https://www.suse.com/security/cve/CVE-2020-6528/ SUSE CVE CVE-2020-6528 page https://www.suse.com/security/cve/CVE-2020-6529/ SUSE CVE CVE-2020-6529 page https://www.suse.com/security/cve/CVE-2020-6530/ SUSE CVE CVE-2020-6530 page https://www.suse.com/security/cve/CVE-2020-6531/ SUSE CVE CVE-2020-6531 page https://www.suse.com/security/cve/CVE-2020-6532/ SUSE CVE CVE-2020-6532 page https://www.suse.com/security/cve/CVE-2020-6533/ SUSE CVE CVE-2020-6533 page https://www.suse.com/security/cve/CVE-2020-6534/ SUSE CVE CVE-2020-6534 page https://www.suse.com/security/cve/CVE-2020-6535/ SUSE CVE CVE-2020-6535 page https://www.suse.com/security/cve/CVE-2020-6536/ SUSE CVE CVE-2020-6536 page https://www.suse.com/security/cve/CVE-2020-6537/ SUSE CVE CVE-2020-6537 page https://www.suse.com/security/cve/CVE-2020-6538/ SUSE CVE CVE-2020-6538 page https://www.suse.com/security/cve/CVE-2020-6539/ SUSE CVE CVE-2020-6539 page https://www.suse.com/security/cve/CVE-2020-6540/ SUSE CVE CVE-2020-6540 page https://www.suse.com/security/cve/CVE-2020-6541/ SUSE CVE CVE-2020-6541 page https://www.suse.com/security/cve/CVE-2020-6542/ SUSE CVE CVE-2020-6542 page https://www.suse.com/security/cve/CVE-2020-6543/ SUSE CVE CVE-2020-6543 page https://www.suse.com/security/cve/CVE-2020-6544/ SUSE CVE CVE-2020-6544 page https://www.suse.com/security/cve/CVE-2020-6545/ SUSE CVE CVE-2020-6545 page https://www.suse.com/security/cve/CVE-2020-6546/ SUSE CVE CVE-2020-6546 page https://www.suse.com/security/cve/CVE-2020-6547/ SUSE CVE CVE-2020-6547 page https://www.suse.com/security/cve/CVE-2020-6548/ SUSE CVE CVE-2020-6548 page https://www.suse.com/security/cve/CVE-2020-6549/ SUSE CVE CVE-2020-6549 page https://www.suse.com/security/cve/CVE-2020-6550/ SUSE CVE CVE-2020-6550 page https://www.suse.com/security/cve/CVE-2020-6551/ SUSE CVE CVE-2020-6551 page https://www.suse.com/security/cve/CVE-2020-6552/ SUSE CVE CVE-2020-6552 page https://www.suse.com/security/cve/CVE-2020-6553/ SUSE CVE CVE-2020-6553 page https://www.suse.com/security/cve/CVE-2020-6554/ SUSE CVE CVE-2020-6554 page https://www.suse.com/security/cve/CVE-2020-6555/ SUSE CVE CVE-2020-6555 page https://www.suse.com/security/cve/CVE-2020-6556/ SUSE CVE CVE-2020-6556 page https://www.suse.com/security/cve/CVE-2020-6557/ SUSE CVE CVE-2020-6557 page https://www.suse.com/security/cve/CVE-2020-6558/ SUSE CVE CVE-2020-6558 page https://www.suse.com/security/cve/CVE-2020-6559/ SUSE CVE CVE-2020-6559 page https://www.suse.com/security/cve/CVE-2020-6560/ SUSE CVE CVE-2020-6560 page https://www.suse.com/security/cve/CVE-2020-6561/ SUSE CVE CVE-2020-6561 page https://www.suse.com/security/cve/CVE-2020-6562/ SUSE CVE CVE-2020-6562 page https://www.suse.com/security/cve/CVE-2020-6563/ SUSE CVE CVE-2020-6563 page https://www.suse.com/security/cve/CVE-2020-6564/ SUSE CVE CVE-2020-6564 page https://www.suse.com/security/cve/CVE-2020-6565/ SUSE CVE CVE-2020-6565 page https://www.suse.com/security/cve/CVE-2020-6566/ SUSE CVE CVE-2020-6566 page https://www.suse.com/security/cve/CVE-2020-6567/ SUSE CVE CVE-2020-6567 page https://www.suse.com/security/cve/CVE-2020-6568/ SUSE CVE CVE-2020-6568 page https://www.suse.com/security/cve/CVE-2020-6569/ SUSE CVE CVE-2020-6569 page https://www.suse.com/security/cve/CVE-2020-6570/ SUSE CVE CVE-2020-6570 page https://www.suse.com/security/cve/CVE-2020-6571/ SUSE CVE CVE-2020-6571 page https://www.suse.com/security/cve/CVE-2020-6573/ SUSE CVE CVE-2020-6573 page https://www.suse.com/security/cve/CVE-2020-6574/ SUSE CVE CVE-2020-6574 page https://www.suse.com/security/cve/CVE-2020-6575/ SUSE CVE CVE-2020-6575 page https://www.suse.com/security/cve/CVE-2020-6576/ SUSE CVE CVE-2020-6576 page https://www.suse.com/security/cve/CVE-2020-6831/ SUSE CVE CVE-2020-6831 page https://www.suse.com/security/cve/CVE-2021-21106/ SUSE CVE CVE-2021-21106 page https://www.suse.com/security/cve/CVE-2021-21107/ SUSE CVE CVE-2021-21107 page https://www.suse.com/security/cve/CVE-2021-21108/ SUSE CVE CVE-2021-21108 page https://www.suse.com/security/cve/CVE-2021-21109/ SUSE CVE CVE-2021-21109 page https://www.suse.com/security/cve/CVE-2021-21110/ SUSE CVE CVE-2021-21110 page https://www.suse.com/security/cve/CVE-2021-21111/ SUSE CVE CVE-2021-21111 page https://www.suse.com/security/cve/CVE-2021-21112/ SUSE CVE CVE-2021-21112 page https://www.suse.com/security/cve/CVE-2021-21113/ SUSE CVE CVE-2021-21113 page https://www.suse.com/security/cve/CVE-2021-21114/ SUSE CVE CVE-2021-21114 page https://www.suse.com/security/cve/CVE-2021-21115/ SUSE CVE CVE-2021-21115 page https://www.suse.com/security/cve/CVE-2021-21116/ SUSE CVE CVE-2021-21116 page https://www.suse.com/security/cve/CVE-2021-21117/ SUSE CVE CVE-2021-21117 page https://www.suse.com/security/cve/CVE-2021-21118/ SUSE CVE CVE-2021-21118 page https://www.suse.com/security/cve/CVE-2021-21119/ SUSE CVE CVE-2021-21119 page https://www.suse.com/security/cve/CVE-2021-21120/ SUSE CVE CVE-2021-21120 page https://www.suse.com/security/cve/CVE-2021-21121/ SUSE CVE CVE-2021-21121 page https://www.suse.com/security/cve/CVE-2021-21122/ SUSE CVE CVE-2021-21122 page https://www.suse.com/security/cve/CVE-2021-21123/ SUSE CVE CVE-2021-21123 page https://www.suse.com/security/cve/CVE-2021-21124/ SUSE CVE CVE-2021-21124 page https://www.suse.com/security/cve/CVE-2021-21125/ SUSE CVE CVE-2021-21125 page https://www.suse.com/security/cve/CVE-2021-21126/ SUSE CVE CVE-2021-21126 page https://www.suse.com/security/cve/CVE-2021-21127/ SUSE CVE CVE-2021-21127 page https://www.suse.com/security/cve/CVE-2021-21128/ SUSE CVE CVE-2021-21128 page https://www.suse.com/security/cve/CVE-2021-21129/ SUSE CVE CVE-2021-21129 page https://www.suse.com/security/cve/CVE-2021-21130/ SUSE CVE CVE-2021-21130 page https://www.suse.com/security/cve/CVE-2021-21131/ SUSE CVE CVE-2021-21131 page https://www.suse.com/security/cve/CVE-2021-21132/ SUSE CVE CVE-2021-21132 page https://www.suse.com/security/cve/CVE-2021-21133/ SUSE CVE CVE-2021-21133 page https://www.suse.com/security/cve/CVE-2021-21134/ SUSE CVE CVE-2021-21134 page https://www.suse.com/security/cve/CVE-2021-21135/ SUSE CVE CVE-2021-21135 page https://www.suse.com/security/cve/CVE-2021-21136/ SUSE CVE CVE-2021-21136 page https://www.suse.com/security/cve/CVE-2021-21137/ SUSE CVE CVE-2021-21137 page https://www.suse.com/security/cve/CVE-2021-21138/ SUSE CVE CVE-2021-21138 page https://www.suse.com/security/cve/CVE-2021-21139/ SUSE CVE CVE-2021-21139 page https://www.suse.com/security/cve/CVE-2021-21140/ SUSE CVE CVE-2021-21140 page https://www.suse.com/security/cve/CVE-2021-21141/ SUSE CVE CVE-2021-21141 page https://www.suse.com/security/cve/CVE-2021-21142/ SUSE CVE CVE-2021-21142 page https://www.suse.com/security/cve/CVE-2021-21143/ SUSE CVE CVE-2021-21143 page https://www.suse.com/security/cve/CVE-2021-21144/ SUSE CVE CVE-2021-21144 page https://www.suse.com/security/cve/CVE-2021-21145/ SUSE CVE CVE-2021-21145 page https://www.suse.com/security/cve/CVE-2021-21146/ SUSE CVE CVE-2021-21146 page https://www.suse.com/security/cve/CVE-2021-21147/ SUSE CVE CVE-2021-21147 page https://www.suse.com/security/cve/CVE-2021-21148/ SUSE CVE CVE-2021-21148 page https://www.suse.com/security/cve/CVE-2021-21149/ SUSE CVE CVE-2021-21149 page https://www.suse.com/security/cve/CVE-2021-21150/ SUSE CVE CVE-2021-21150 page https://www.suse.com/security/cve/CVE-2021-21151/ SUSE CVE CVE-2021-21151 page https://www.suse.com/security/cve/CVE-2021-21152/ SUSE CVE CVE-2021-21152 page https://www.suse.com/security/cve/CVE-2021-21153/ SUSE CVE CVE-2021-21153 page https://www.suse.com/security/cve/CVE-2021-21154/ SUSE CVE CVE-2021-21154 page https://www.suse.com/security/cve/CVE-2021-21155/ SUSE CVE CVE-2021-21155 page https://www.suse.com/security/cve/CVE-2021-21156/ SUSE CVE CVE-2021-21156 page https://www.suse.com/security/cve/CVE-2021-21157/ SUSE CVE CVE-2021-21157 page https://www.suse.com/security/cve/CVE-2021-21159/ SUSE CVE CVE-2021-21159 page https://www.suse.com/security/cve/CVE-2021-21160/ SUSE CVE CVE-2021-21160 page https://www.suse.com/security/cve/CVE-2021-21161/ SUSE CVE CVE-2021-21161 page https://www.suse.com/security/cve/CVE-2021-21162/ SUSE CVE CVE-2021-21162 page https://www.suse.com/security/cve/CVE-2021-21163/ SUSE CVE CVE-2021-21163 page https://www.suse.com/security/cve/CVE-2021-21164/ SUSE CVE CVE-2021-21164 page https://www.suse.com/security/cve/CVE-2021-21165/ SUSE CVE CVE-2021-21165 page https://www.suse.com/security/cve/CVE-2021-21166/ SUSE CVE CVE-2021-21166 page https://www.suse.com/security/cve/CVE-2021-21167/ SUSE CVE CVE-2021-21167 page https://www.suse.com/security/cve/CVE-2021-21168/ SUSE CVE CVE-2021-21168 page https://www.suse.com/security/cve/CVE-2021-21169/ SUSE CVE CVE-2021-21169 page https://www.suse.com/security/cve/CVE-2021-21170/ SUSE CVE CVE-2021-21170 page https://www.suse.com/security/cve/CVE-2021-21171/ SUSE CVE CVE-2021-21171 page https://www.suse.com/security/cve/CVE-2021-21172/ SUSE CVE CVE-2021-21172 page https://www.suse.com/security/cve/CVE-2021-21173/ SUSE CVE CVE-2021-21173 page https://www.suse.com/security/cve/CVE-2021-21174/ SUSE CVE CVE-2021-21174 page https://www.suse.com/security/cve/CVE-2021-21175/ SUSE CVE CVE-2021-21175 page https://www.suse.com/security/cve/CVE-2021-21176/ SUSE CVE CVE-2021-21176 page https://www.suse.com/security/cve/CVE-2021-21177/ SUSE CVE CVE-2021-21177 page https://www.suse.com/security/cve/CVE-2021-21178/ SUSE CVE CVE-2021-21178 page https://www.suse.com/security/cve/CVE-2021-21179/ SUSE CVE CVE-2021-21179 page https://www.suse.com/security/cve/CVE-2021-21180/ SUSE CVE CVE-2021-21180 page https://www.suse.com/security/cve/CVE-2021-21181/ SUSE CVE CVE-2021-21181 page https://www.suse.com/security/cve/CVE-2021-21182/ SUSE CVE CVE-2021-21182 page https://www.suse.com/security/cve/CVE-2021-21183/ SUSE CVE CVE-2021-21183 page https://www.suse.com/security/cve/CVE-2021-21184/ SUSE CVE CVE-2021-21184 page https://www.suse.com/security/cve/CVE-2021-21185/ SUSE CVE CVE-2021-21185 page https://www.suse.com/security/cve/CVE-2021-21186/ SUSE CVE CVE-2021-21186 page https://www.suse.com/security/cve/CVE-2021-21187/ SUSE CVE CVE-2021-21187 page https://www.suse.com/security/cve/CVE-2021-21188/ SUSE CVE CVE-2021-21188 page https://www.suse.com/security/cve/CVE-2021-21189/ SUSE CVE CVE-2021-21189 page https://www.suse.com/security/cve/CVE-2021-21190/ SUSE CVE CVE-2021-21190 page https://www.suse.com/security/cve/CVE-2021-21191/ SUSE CVE CVE-2021-21191 page https://www.suse.com/security/cve/CVE-2021-21192/ SUSE CVE CVE-2021-21192 page https://www.suse.com/security/cve/CVE-2021-21193/ SUSE CVE CVE-2021-21193 page https://www.suse.com/security/cve/CVE-2021-21194/ SUSE CVE CVE-2021-21194 page https://www.suse.com/security/cve/CVE-2021-21195/ SUSE CVE CVE-2021-21195 page https://www.suse.com/security/cve/CVE-2021-21196/ SUSE CVE CVE-2021-21196 page https://www.suse.com/security/cve/CVE-2021-21197/ SUSE CVE CVE-2021-21197 page https://www.suse.com/security/cve/CVE-2021-21198/ SUSE CVE CVE-2021-21198 page https://www.suse.com/security/cve/CVE-2021-21199/ SUSE CVE CVE-2021-21199 page https://www.suse.com/security/cve/CVE-2021-21201/ SUSE CVE CVE-2021-21201 page https://www.suse.com/security/cve/CVE-2021-21202/ SUSE CVE CVE-2021-21202 page https://www.suse.com/security/cve/CVE-2021-21203/ SUSE CVE CVE-2021-21203 page https://www.suse.com/security/cve/CVE-2021-21204/ SUSE CVE CVE-2021-21204 page https://www.suse.com/security/cve/CVE-2021-21205/ SUSE CVE CVE-2021-21205 page https://www.suse.com/security/cve/CVE-2021-21206/ SUSE CVE CVE-2021-21206 page https://www.suse.com/security/cve/CVE-2021-21207/ SUSE CVE CVE-2021-21207 page https://www.suse.com/security/cve/CVE-2021-21208/ SUSE CVE CVE-2021-21208 page https://www.suse.com/security/cve/CVE-2021-21209/ SUSE CVE CVE-2021-21209 page https://www.suse.com/security/cve/CVE-2021-21210/ SUSE CVE CVE-2021-21210 page https://www.suse.com/security/cve/CVE-2021-21211/ SUSE CVE CVE-2021-21211 page https://www.suse.com/security/cve/CVE-2021-21212/ SUSE CVE CVE-2021-21212 page https://www.suse.com/security/cve/CVE-2021-21213/ SUSE CVE CVE-2021-21213 page https://www.suse.com/security/cve/CVE-2021-21214/ SUSE CVE CVE-2021-21214 page https://www.suse.com/security/cve/CVE-2021-21215/ SUSE CVE CVE-2021-21215 page https://www.suse.com/security/cve/CVE-2021-21216/ SUSE CVE CVE-2021-21216 page https://www.suse.com/security/cve/CVE-2021-21217/ SUSE CVE CVE-2021-21217 page https://www.suse.com/security/cve/CVE-2021-21218/ SUSE CVE CVE-2021-21218 page https://www.suse.com/security/cve/CVE-2021-21219/ SUSE CVE CVE-2021-21219 page https://www.suse.com/security/cve/CVE-2021-21220/ SUSE CVE CVE-2021-21220 page https://www.suse.com/security/cve/CVE-2021-21221/ SUSE CVE CVE-2021-21221 page https://www.suse.com/security/cve/CVE-2021-21222/ SUSE CVE CVE-2021-21222 page https://www.suse.com/security/cve/CVE-2021-21223/ SUSE CVE CVE-2021-21223 page https://www.suse.com/security/cve/CVE-2021-21224/ SUSE CVE CVE-2021-21224 page https://www.suse.com/security/cve/CVE-2021-21225/ SUSE CVE CVE-2021-21225 page https://www.suse.com/security/cve/CVE-2021-21226/ SUSE CVE CVE-2021-21226 page https://www.suse.com/security/cve/CVE-2021-21227/ SUSE CVE CVE-2021-21227 page https://www.suse.com/security/cve/CVE-2021-21228/ SUSE CVE CVE-2021-21228 page https://www.suse.com/security/cve/CVE-2021-21229/ SUSE CVE CVE-2021-21229 page https://www.suse.com/security/cve/CVE-2021-21230/ SUSE CVE CVE-2021-21230 page https://www.suse.com/security/cve/CVE-2021-21231/ SUSE CVE CVE-2021-21231 page https://www.suse.com/security/cve/CVE-2021-21232/ SUSE CVE CVE-2021-21232 page https://www.suse.com/security/cve/CVE-2021-21233/ SUSE CVE CVE-2021-21233 page https://www.suse.com/security/cve/CVE-2021-30506/ SUSE CVE CVE-2021-30506 page https://www.suse.com/security/cve/CVE-2021-30507/ SUSE CVE CVE-2021-30507 page https://www.suse.com/security/cve/CVE-2021-30508/ SUSE CVE CVE-2021-30508 page https://www.suse.com/security/cve/CVE-2021-30509/ SUSE CVE CVE-2021-30509 page https://www.suse.com/security/cve/CVE-2021-30510/ SUSE CVE CVE-2021-30510 page https://www.suse.com/security/cve/CVE-2021-30511/ SUSE CVE CVE-2021-30511 page https://www.suse.com/security/cve/CVE-2021-30512/ SUSE CVE CVE-2021-30512 page https://www.suse.com/security/cve/CVE-2021-30513/ SUSE CVE CVE-2021-30513 page https://www.suse.com/security/cve/CVE-2021-30514/ SUSE CVE CVE-2021-30514 page https://www.suse.com/security/cve/CVE-2021-30515/ SUSE CVE CVE-2021-30515 page https://www.suse.com/security/cve/CVE-2021-30516/ SUSE CVE CVE-2021-30516 page https://www.suse.com/security/cve/CVE-2021-30517/ SUSE CVE CVE-2021-30517 page https://www.suse.com/security/cve/CVE-2021-30518/ SUSE CVE CVE-2021-30518 page https://www.suse.com/security/cve/CVE-2021-30519/ SUSE CVE CVE-2021-30519 page https://www.suse.com/security/cve/CVE-2021-30520/ SUSE CVE CVE-2021-30520 page https://www.suse.com/security/cve/CVE-2021-30521/ SUSE CVE CVE-2021-30521 page https://www.suse.com/security/cve/CVE-2021-30522/ SUSE CVE CVE-2021-30522 page https://www.suse.com/security/cve/CVE-2021-30523/ SUSE CVE CVE-2021-30523 page https://www.suse.com/security/cve/CVE-2021-30524/ SUSE CVE CVE-2021-30524 page https://www.suse.com/security/cve/CVE-2021-30525/ SUSE CVE CVE-2021-30525 page https://www.suse.com/security/cve/CVE-2021-30526/ SUSE CVE CVE-2021-30526 page https://www.suse.com/security/cve/CVE-2021-30527/ SUSE CVE CVE-2021-30527 page https://www.suse.com/security/cve/CVE-2021-30528/ SUSE CVE CVE-2021-30528 page https://www.suse.com/security/cve/CVE-2021-30529/ SUSE CVE CVE-2021-30529 page https://www.suse.com/security/cve/CVE-2021-30530/ SUSE CVE CVE-2021-30530 page https://www.suse.com/security/cve/CVE-2021-30531/ SUSE CVE CVE-2021-30531 page https://www.suse.com/security/cve/CVE-2021-30532/ SUSE CVE CVE-2021-30532 page https://www.suse.com/security/cve/CVE-2021-30533/ SUSE CVE CVE-2021-30533 page https://www.suse.com/security/cve/CVE-2021-30534/ SUSE CVE CVE-2021-30534 page https://www.suse.com/security/cve/CVE-2021-30535/ SUSE CVE CVE-2021-30535 page https://www.suse.com/security/cve/CVE-2021-30536/ SUSE CVE CVE-2021-30536 page https://www.suse.com/security/cve/CVE-2021-30537/ SUSE CVE CVE-2021-30537 page https://www.suse.com/security/cve/CVE-2021-30538/ SUSE CVE CVE-2021-30538 page https://www.suse.com/security/cve/CVE-2021-30539/ SUSE CVE CVE-2021-30539 page https://www.suse.com/security/cve/CVE-2021-30540/ SUSE CVE CVE-2021-30540 page https://www.suse.com/security/cve/CVE-2021-30541/ SUSE CVE CVE-2021-30541 page https://www.suse.com/security/cve/CVE-2021-30544/ SUSE CVE CVE-2021-30544 page https://www.suse.com/security/cve/CVE-2021-30545/ SUSE CVE CVE-2021-30545 page https://www.suse.com/security/cve/CVE-2021-30546/ SUSE CVE CVE-2021-30546 page https://www.suse.com/security/cve/CVE-2021-30547/ SUSE CVE CVE-2021-30547 page https://www.suse.com/security/cve/CVE-2021-30548/ SUSE CVE CVE-2021-30548 page https://www.suse.com/security/cve/CVE-2021-30549/ SUSE CVE CVE-2021-30549 page https://www.suse.com/security/cve/CVE-2021-30550/ SUSE CVE CVE-2021-30550 page https://www.suse.com/security/cve/CVE-2021-30551/ SUSE CVE CVE-2021-30551 page https://www.suse.com/security/cve/CVE-2021-30552/ SUSE CVE CVE-2021-30552 page https://www.suse.com/security/cve/CVE-2021-30553/ SUSE CVE CVE-2021-30553 page https://www.suse.com/security/cve/CVE-2021-30554/ SUSE CVE CVE-2021-30554 page https://www.suse.com/security/cve/CVE-2021-30555/ SUSE CVE CVE-2021-30555 page https://www.suse.com/security/cve/CVE-2021-30556/ SUSE CVE CVE-2021-30556 page https://www.suse.com/security/cve/CVE-2021-30557/ SUSE CVE CVE-2021-30557 page https://www.suse.com/security/cve/CVE-2021-30559/ SUSE CVE CVE-2021-30559 page https://www.suse.com/security/cve/CVE-2021-30560/ SUSE CVE CVE-2021-30560 page https://www.suse.com/security/cve/CVE-2021-30561/ SUSE CVE CVE-2021-30561 page https://www.suse.com/security/cve/CVE-2021-30562/ SUSE CVE CVE-2021-30562 page https://www.suse.com/security/cve/CVE-2021-30563/ SUSE CVE CVE-2021-30563 page https://www.suse.com/security/cve/CVE-2021-30564/ SUSE CVE CVE-2021-30564 page https://www.suse.com/security/cve/CVE-2021-30565/ SUSE CVE CVE-2021-30565 page https://www.suse.com/security/cve/CVE-2021-30566/ SUSE CVE CVE-2021-30566 page https://www.suse.com/security/cve/CVE-2021-30567/ SUSE CVE CVE-2021-30567 page https://www.suse.com/security/cve/CVE-2021-30568/ SUSE CVE CVE-2021-30568 page https://www.suse.com/security/cve/CVE-2021-30569/ SUSE CVE CVE-2021-30569 page https://www.suse.com/security/cve/CVE-2021-30571/ SUSE CVE CVE-2021-30571 page https://www.suse.com/security/cve/CVE-2021-30572/ SUSE CVE CVE-2021-30572 page https://www.suse.com/security/cve/CVE-2021-30573/ SUSE CVE CVE-2021-30573 page https://www.suse.com/security/cve/CVE-2021-30574/ SUSE CVE CVE-2021-30574 page https://www.suse.com/security/cve/CVE-2021-30575/ SUSE CVE CVE-2021-30575 page https://www.suse.com/security/cve/CVE-2021-30576/ SUSE CVE CVE-2021-30576 page https://www.suse.com/security/cve/CVE-2021-30577/ SUSE CVE CVE-2021-30577 page https://www.suse.com/security/cve/CVE-2021-30578/ SUSE CVE CVE-2021-30578 page https://www.suse.com/security/cve/CVE-2021-30579/ SUSE CVE CVE-2021-30579 page https://www.suse.com/security/cve/CVE-2021-30581/ SUSE CVE CVE-2021-30581 page https://www.suse.com/security/cve/CVE-2021-30582/ SUSE CVE CVE-2021-30582 page https://www.suse.com/security/cve/CVE-2021-30584/ SUSE CVE CVE-2021-30584 page https://www.suse.com/security/cve/CVE-2021-30585/ SUSE CVE CVE-2021-30585 page https://www.suse.com/security/cve/CVE-2021-30588/ SUSE CVE CVE-2021-30588 page https://www.suse.com/security/cve/CVE-2021-30589/ SUSE CVE CVE-2021-30589 page https://www.suse.com/security/cve/CVE-2021-30590/ SUSE CVE CVE-2021-30590 page https://www.suse.com/security/cve/CVE-2021-30591/ SUSE CVE CVE-2021-30591 page https://www.suse.com/security/cve/CVE-2021-30592/ SUSE CVE CVE-2021-30592 page https://www.suse.com/security/cve/CVE-2021-30593/ SUSE CVE CVE-2021-30593 page https://www.suse.com/security/cve/CVE-2021-30594/ SUSE CVE CVE-2021-30594 page https://www.suse.com/security/cve/CVE-2021-30596/ SUSE CVE CVE-2021-30596 page https://www.suse.com/security/cve/CVE-2021-30597/ SUSE CVE CVE-2021-30597 page https://www.suse.com/security/cve/CVE-2021-30598/ SUSE CVE CVE-2021-30598 page https://www.suse.com/security/cve/CVE-2021-30599/ SUSE CVE CVE-2021-30599 page https://www.suse.com/security/cve/CVE-2021-30600/ SUSE CVE CVE-2021-30600 page https://www.suse.com/security/cve/CVE-2021-30601/ SUSE CVE CVE-2021-30601 page https://www.suse.com/security/cve/CVE-2021-30602/ SUSE CVE CVE-2021-30602 page https://www.suse.com/security/cve/CVE-2021-30603/ SUSE CVE CVE-2021-30603 page https://www.suse.com/security/cve/CVE-2021-30604/ SUSE CVE CVE-2021-30604 page https://www.suse.com/security/cve/CVE-2021-30606/ SUSE CVE CVE-2021-30606 page https://www.suse.com/security/cve/CVE-2021-30607/ SUSE CVE CVE-2021-30607 page https://www.suse.com/security/cve/CVE-2021-30608/ SUSE CVE CVE-2021-30608 page https://www.suse.com/security/cve/CVE-2021-30609/ SUSE CVE CVE-2021-30609 page https://www.suse.com/security/cve/CVE-2021-30610/ SUSE CVE CVE-2021-30610 page https://www.suse.com/security/cve/CVE-2021-30611/ SUSE CVE CVE-2021-30611 page https://www.suse.com/security/cve/CVE-2021-30612/ SUSE CVE CVE-2021-30612 page https://www.suse.com/security/cve/CVE-2021-30613/ SUSE CVE CVE-2021-30613 page https://www.suse.com/security/cve/CVE-2021-30614/ SUSE CVE CVE-2021-30614 page https://www.suse.com/security/cve/CVE-2021-30615/ SUSE CVE CVE-2021-30615 page https://www.suse.com/security/cve/CVE-2021-30616/ SUSE CVE CVE-2021-30616 page https://www.suse.com/security/cve/CVE-2021-30617/ SUSE CVE CVE-2021-30617 page https://www.suse.com/security/cve/CVE-2021-30618/ SUSE CVE CVE-2021-30618 page https://www.suse.com/security/cve/CVE-2021-30619/ SUSE CVE CVE-2021-30619 page https://www.suse.com/security/cve/CVE-2021-30620/ SUSE CVE CVE-2021-30620 page https://www.suse.com/security/cve/CVE-2021-30621/ SUSE CVE CVE-2021-30621 page https://www.suse.com/security/cve/CVE-2021-30622/ SUSE CVE CVE-2021-30622 page https://www.suse.com/security/cve/CVE-2021-30623/ SUSE CVE CVE-2021-30623 page https://www.suse.com/security/cve/CVE-2021-30624/ SUSE CVE CVE-2021-30624 page https://www.suse.com/security/cve/CVE-2021-30625/ SUSE CVE CVE-2021-30625 page https://www.suse.com/security/cve/CVE-2021-30626/ SUSE CVE CVE-2021-30626 page https://www.suse.com/security/cve/CVE-2021-30627/ SUSE CVE CVE-2021-30627 page https://www.suse.com/security/cve/CVE-2021-30628/ SUSE CVE CVE-2021-30628 page https://www.suse.com/security/cve/CVE-2021-30629/ SUSE CVE CVE-2021-30629 page https://www.suse.com/security/cve/CVE-2021-30630/ SUSE CVE CVE-2021-30630 page https://www.suse.com/security/cve/CVE-2021-30631/ SUSE CVE CVE-2021-30631 page https://www.suse.com/security/cve/CVE-2021-30632/ SUSE CVE CVE-2021-30632 page https://www.suse.com/security/cve/CVE-2021-30633/ SUSE CVE CVE-2021-30633 page openSUSE Tumbleweed chromedriver-93.0.4577.82-1.1 chromium-93.0.4577.82-1.1 chromedriver-93.0.4577.82-1.1 as a component of openSUSE Tumbleweed chromium-93.0.4577.82-1.1 as a component of openSUSE Tumbleweed An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. CVE-2017-11215 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11215.html CVE-2017-11215 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. CVE-2017-11225 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11225.html CVE-2017-11225 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2017-15386 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15386.html CVE-2017-15386 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. CVE-2017-15387 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15387.html CVE-2017-15387 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-15388 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15388.html CVE-2017-15388 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2017-15389 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15389.html CVE-2017-15389 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-15390 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15390.html CVE-2017-15390 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. CVE-2017-15391 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15391.html CVE-2017-15391 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. CVE-2017-15392 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4 AV:N/AC:L/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15392.html CVE-2017-15392 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. CVE-2017-15393 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15393.html CVE-2017-15393 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. CVE-2017-15394 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15394.html CVE-2017-15394 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. CVE-2017-15395 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15395.html CVE-2017-15395 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-15396 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15396.html CVE-2017-15396 https://bugzilla.suse.com/1065405 SUSE Bug 1065405 A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. CVE-2017-15398 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15398.html CVE-2017-15398 https://bugzilla.suse.com/1066851 SUSE Bug 1066851 https://bugzilla.suse.com/1066853 SUSE Bug 1066853 A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-15399 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15399.html CVE-2017-15399 https://bugzilla.suse.com/1066851 SUSE Bug 1066851 https://bugzilla.suse.com/1066853 SUSE Bug 1066853 Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. CVE-2017-15407 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15407.html CVE-2017-15407 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. CVE-2017-15408 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15408.html CVE-2017-15408 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-15409 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15409.html CVE-2017-15409 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2017-15410 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15410.html CVE-2017-15410 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2017-15411 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15411.html CVE-2017-15411 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-15412 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15412.html CVE-2017-15412 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 https://bugzilla.suse.com/1077993 SUSE Bug 1077993 https://bugzilla.suse.com/1123129 SUSE Bug 1123129 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-15413 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15413.html CVE-2017-15413 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. CVE-2017-15415 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15415.html CVE-2017-15415 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. CVE-2017-15416 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15416.html CVE-2017-15416 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2017-15417 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15417.html CVE-2017-15417 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2017-15418 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15418.html CVE-2017-15418 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. CVE-2017-15419 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15419.html CVE-2017-15419 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2017-15420 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15420.html CVE-2017-15420 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-15422 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15422.html CVE-2017-15422 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 https://bugzilla.suse.com/1077999 SUSE Bug 1077999 https://bugzilla.suse.com/1123121 SUSE Bug 1123121 Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. CVE-2017-15423 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15423.html CVE-2017-15423 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-15424 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15424.html CVE-2017-15424 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-15425 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15425.html CVE-2017-15425 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-15426 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15426.html CVE-2017-15426 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. CVE-2017-15427 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15427.html CVE-2017-15427 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-15429 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15429.html CVE-2017-15429 https://bugzilla.suse.com/1072976 SUSE Bug 1072976 Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-15430 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-15430.html CVE-2017-15430 https://bugzilla.suse.com/1071691 SUSE Bug 1071691 https://bugzilla.suse.com/1106341 SUSE Bug 1106341 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-5006 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5006.html CVE-2017-5006 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-5007 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5007.html CVE-2017-5007 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-5008 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5008.html CVE-2017-5008 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5009 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5009.html CVE-2017-5009 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2017-5010 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5010.html CVE-2017-5010 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page. CVE-2017-5011 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5011.html CVE-2017-5011 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5012 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5012.html CVE-2017-5012 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2017-5013 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5013.html CVE-2017-5013 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5014 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5014.html CVE-2017-5014 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-5015 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5015.html CVE-2017-5015 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page. CVE-2017-5016 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5016.html CVE-2017-5016 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. CVE-2017-5017 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5017.html CVE-2017-5017 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2017-5018 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5018.html CVE-2017-5018 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5019 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5019.html CVE-2017-5019 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. CVE-2017-5020 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5020.html CVE-2017-5020 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5021 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5021.html CVE-2017-5021 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2017-5022 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5022.html CVE-2017-5022 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. CVE-2017-5023 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5023.html CVE-2017-5023 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVE-2017-5024 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5024.html CVE-2017-5024 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVE-2017-5025 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5025.html CVE-2017-5025 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. CVE-2017-5026 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5026.html CVE-2017-5026 https://bugzilla.suse.com/1022049 SUSE Bug 1022049 Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2017-5030 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5030.html CVE-2017-5030 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. CVE-2017-5035 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5035.html CVE-2017-5035 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. CVE-2017-5041 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5041.html CVE-2017-5041 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5044 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5044.html CVE-2017-5044 https://bugzilla.suse.com/1028848 SUSE Bug 1028848 https://bugzilla.suse.com/1028875 SUSE Bug 1028875 An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. CVE-2017-5052 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5052.html CVE-2017-5052 https://bugzilla.suse.com/1031677 SUSE Bug 1031677 An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. CVE-2017-5053 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5053.html CVE-2017-5053 https://bugzilla.suse.com/1031677 SUSE Bug 1031677 An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. CVE-2017-5054 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5054.html CVE-2017-5054 https://bugzilla.suse.com/1031677 SUSE Bug 1031677 A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5055 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5055.html CVE-2017-5055 https://bugzilla.suse.com/1031677 SUSE Bug 1031677 A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5056 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5056.html CVE-2017-5056 https://bugzilla.suse.com/1031677 SUSE Bug 1031677 Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. CVE-2017-5057 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5057.html CVE-2017-5057 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2017-5058 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5058.html CVE-2017-5058 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page. CVE-2017-5059 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5059.html CVE-2017-5059 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-5060 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5060.html CVE-2017-5060 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2017-5061 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5061.html CVE-2017-5061 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension. CVE-2017-5062 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5062.html CVE-2017-5062 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5063 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5063.html CVE-2017-5063 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5064 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5064.html CVE-2017-5064 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page. CVE-2017-5065 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5065.html CVE-2017-5065 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page. CVE-2017-5066 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5066.html CVE-2017-5066 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2017-5067 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5067.html CVE-2017-5067 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. CVE-2017-5068 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5068.html CVE-2017-5068 https://bugzilla.suse.com/1037594 SUSE Bug 1037594 Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page. CVE-2017-5069 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5069.html CVE-2017-5069 https://bugzilla.suse.com/1035103 SUSE Bug 1035103 Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2017-5070 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5070.html CVE-2017-5070 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5071 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5071.html CVE-2017-5071 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page. CVE-2017-5072 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5072.html CVE-2017-5072 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5073 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5073.html CVE-2017-5073 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth. CVE-2017-5074 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.4 AV:A/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5074.html CVE-2017-5074 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page. CVE-2017-5075 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5075.html CVE-2017-5075 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-5076 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5076.html CVE-2017-5076 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5077 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5077.html CVE-2017-5077 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument. CVE-2017-5078 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5078.html CVE-2017-5078 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. CVE-2017-5079 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5079.html CVE-2017-5079 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5080 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5080.html CVE-2017-5080 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. CVE-2017-5081 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5081.html CVE-2017-5081 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page. CVE-2017-5082 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5082.html CVE-2017-5082 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. CVE-2017-5083 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5083.html CVE-2017-5083 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark. CVE-2017-5085 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5085.html CVE-2017-5085 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-5086 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5086.html CVE-2017-5086 https://bugzilla.suse.com/1042833 SUSE Bug 1042833 A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. CVE-2017-5087 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5087.html CVE-2017-5087 https://bugzilla.suse.com/1044690 SUSE Bug 1044690 Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2017-5088 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5088.html CVE-2017-5088 https://bugzilla.suse.com/1044690 SUSE Bug 1044690 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. CVE-2017-5089 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5089.html CVE-2017-5089 https://bugzilla.suse.com/1044690 SUSE Bug 1044690 A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5091 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5091.html CVE-2017-5091 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2017-5092 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5092.html CVE-2017-5092 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. CVE-2017-5093 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5093.html CVE-2017-5093 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. CVE-2017-5094 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5094.html CVE-2017-5094 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file. CVE-2017-5095 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5095.html CVE-2017-5095 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents. CVE-2017-5096 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5096.html CVE-2017-5096 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5097 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5097.html CVE-2017-5097 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5098 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5098.html CVE-2017-5098 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. CVE-2017-5099 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5099.html CVE-2017-5099 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5100 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5100.html CVE-2017-5100 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. CVE-2017-5101 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5101.html CVE-2017-5101 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2017-5102 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5102.html CVE-2017-5102 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2017-5103 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5103.html CVE-2017-5103 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. CVE-2017-5104 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5104.html CVE-2017-5104 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-5105 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5105.html CVE-2017-5105 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. CVE-2017-5106 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5106.html CVE-2017-5106 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. CVE-2017-5107 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5107.html CVE-2017-5107 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. CVE-2017-5108 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5108.html CVE-2017-5108 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. CVE-2017-5109 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5109.html CVE-2017-5109 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. CVE-2017-5110 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5110.html CVE-2017-5110 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. CVE-2017-5111 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5111.html CVE-2017-5111 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2017-5112 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5112.html CVE-2017-5112 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5113 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5113.html CVE-2017-5113 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. CVE-2017-5114 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5114.html CVE-2017-5114 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2017-5115 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5115.html CVE-2017-5115 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2017-5116 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5116.html CVE-2017-5116 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2017-5117 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5117.html CVE-2017-5117 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2017-5118 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5118.html CVE-2017-5118 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2017-5119 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5119.html CVE-2017-5119 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). CVE-2017-5120 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5120.html CVE-2017-5120 https://bugzilla.suse.com/1057364 SUSE Bug 1057364 Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. CVE-2017-5121 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5121.html CVE-2017-5121 https://bugzilla.suse.com/1060019 SUSE Bug 1060019 https://bugzilla.suse.com/1060020 SUSE Bug 1060020 Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. CVE-2017-5122 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5122.html CVE-2017-5122 https://bugzilla.suse.com/1060019 SUSE Bug 1060019 https://bugzilla.suse.com/1060020 SUSE Bug 1060020 Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. CVE-2017-5124 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5124.html CVE-2017-5124 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2017-5125 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5125.html CVE-2017-5125 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2017-5126 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5126.html CVE-2017-5126 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2017-5127 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5127.html CVE-2017-5127 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. CVE-2017-5128 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5128.html CVE-2017-5128 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2017-5129 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5129.html CVE-2017-5129 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. CVE-2017-5130 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5130.html CVE-2017-5130 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 https://bugzilla.suse.com/1078806 SUSE Bug 1078806 https://bugzilla.suse.com/1123129 SUSE Bug 1123129 https://bugzilla.suse.com/1123919 SUSE Bug 1123919 An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. CVE-2017-5131 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5131.html CVE-2017-5131 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation. CVE-2017-5132 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5132.html CVE-2017-5132 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file. CVE-2017-5133 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5133.html CVE-2017-5133 https://bugzilla.suse.com/1064066 SUSE Bug 1064066 https://bugzilla.suse.com/1064089 SUSE Bug 1064089 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. CVE-2017-7000 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7000.html CVE-2017-7000 https://bugzilla.suse.com/1050537 SUSE Bug 1050537 A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-16065 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16065.html CVE-2018-16065 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-16066 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16066.html CVE-2018-16066 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-16067 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16067.html CVE-2018-16067 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2018-16068 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16068.html CVE-2018-16068 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-16069 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16069.html CVE-2018-16069 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-16070 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16070.html CVE-2018-16070 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVE-2018-16071 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16071.html CVE-2018-16071 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2018-16073 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16073.html CVE-2018-16073 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2018-16074 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16074.html CVE-2018-16074 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page. CVE-2018-16075 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16075.html CVE-2018-16075 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. CVE-2018-16076 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16076.html CVE-2018-16076 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 https://bugzilla.suse.com/1110628 SUSE Bug 1110628 Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2018-16077 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16077.html CVE-2018-16077 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2018-16078 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16078.html CVE-2018-16078 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-16079 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16079.html CVE-2018-16079 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-16080 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16080.html CVE-2018-16080 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. CVE-2018-16081 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16081.html CVE-2018-16081 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2018-16082 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16082.html CVE-2018-16082 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-16083 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16083.html CVE-2018-16083 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page. CVE-2018-16084 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16084.html CVE-2018-16084 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-16085 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16085.html CVE-2018-16085 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2018-16086 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16086.html CVE-2018-16086 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2018-16087 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16087.html CVE-2018-16087 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page. CVE-2018-16088 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16088.html CVE-2018-16088 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. CVE-2018-17462 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17462.html CVE-2018-17462 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-17463 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17463.html CVE-2018-17463 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-17464 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17464.html CVE-2018-17464 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2018-17465 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17465.html CVE-2018-17465 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-17466 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17466.html CVE-2018-17466 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 https://bugzilla.suse.com/1121207 SUSE Bug 1121207 Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-17467 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17467.html CVE-2018-17467 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. CVE-2018-17468 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17468.html CVE-2018-17468 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. CVE-2018-17469 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17469.html CVE-2018-17469 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2018-17470 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17470.html CVE-2018-17470 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. CVE-2018-17471 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17471.html CVE-2018-17471 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. CVE-2018-17472 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17472.html CVE-2018-17472 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-17473 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17473.html CVE-2018-17473 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-17474 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17474.html CVE-2018-17474 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-17475 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17475.html CVE-2018-17475 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. CVE-2018-17476 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17476.html CVE-2018-17476 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. CVE-2018-17477 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17477.html CVE-2018-17477 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2018-17478 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17478.html CVE-2018-17478 https://bugzilla.suse.com/1115537 SUSE Bug 1115537 Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-17479 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17479.html CVE-2018-17479 https://bugzilla.suse.com/1116608 SUSE Bug 1116608 Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-17480 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17480.html CVE-2018-17480 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2018-17481 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17481.html CVE-2018-17481 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1119364 SUSE Bug 1119364 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18335 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18335.html CVE-2018-18335 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2018-18336 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18336.html CVE-2018-18336 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18337 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18337.html CVE-2018-18337 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18338 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18338.html CVE-2018-18338 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18339 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18339.html CVE-2018-18339 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18340 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18340.html CVE-2018-18340 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18341 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18341.html CVE-2018-18341 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-18342 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18342.html CVE-2018-18342 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18343 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18343.html CVE-2018-18343 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. CVE-2018-18344 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18344.html CVE-2018-18344 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. CVE-2018-18345 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18345.html CVE-2018-18345 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. CVE-2018-18346 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18346.html CVE-2018-18346 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page. CVE-2018-18347 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18347.html CVE-2018-18347 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-18348 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18348.html CVE-2018-18348 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. CVE-2018-18349 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18349.html CVE-2018-18349 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2018-18350 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18350.html CVE-2018-18350 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page. CVE-2018-18351 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18351.html CVE-2018-18351 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. CVE-2018-18352 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18352.html CVE-2018-18352 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page. CVE-2018-18353 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18353.html CVE-2018-18353 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. CVE-2018-18354 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18354.html CVE-2018-18354 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-18355 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18355.html CVE-2018-18355 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-18356 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18356.html CVE-2018-18356 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 https://bugzilla.suse.com/1125396 SUSE Bug 1125396 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-18357 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18357.html CVE-2018-18357 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file. CVE-2018-18358 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 2.9 AV:A/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18358.html CVE-2018-18358 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-18359 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-18359.html CVE-2018-18359 https://bugzilla.suse.com/1118529 SUSE Bug 1118529 https://bugzilla.suse.com/1125330 SUSE Bug 1125330 Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. CVE-2018-20073 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20073.html CVE-2018-20073 https://bugzilla.suse.com/1120892 SUSE Bug 1120892 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. CVE-2018-4117 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-4117.html CVE-2018-4117 https://bugzilla.suse.com/1088182 SUSE Bug 1088182 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. CVE-2018-5179 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5179.html CVE-2018-5179 https://bugzilla.suse.com/1112111 SUSE Bug 1112111 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2018-6031 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6031.html CVE-2018-6031 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. CVE-2018-6032 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6032.html CVE-2018-6032 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. CVE-2018-6033 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6033.html CVE-2018-6033 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-6034 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6034.html CVE-2018-6034 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. CVE-2018-6035 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6035.html CVE-2018-6035 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. CVE-2018-6036 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6036.html CVE-2018-6036 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. CVE-2018-6037 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6037.html CVE-2018-6037 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-6038 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6038.html CVE-2018-6038 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. CVE-2018-6039 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6039.html CVE-2018-6039 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. CVE-2018-6040 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6040.html CVE-2018-6040 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-6041 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6041.html CVE-2018-6041 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-6042 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6042.html CVE-2018-6042 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page. CVE-2018-6043 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6043.html CVE-2018-6043 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16064. Reason: This candidate is a reservation duplicate of CVE-2018-16064. Notes: All CVE users should reference CVE-2018-16064 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE-2018-6044 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6044.html CVE-2018-6044 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. CVE-2018-6045 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6045.html CVE-2018-6045 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. CVE-2018-6046 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6046.html CVE-2018-6046 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. CVE-2018-6047 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6047.html CVE-2018-6047 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. CVE-2018-6048 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6048.html CVE-2018-6048 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. CVE-2018-6049 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6049.html CVE-2018-6049 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-6050 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6050.html CVE-2018-6050 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. CVE-2018-6051 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6051.html CVE-2018-6051 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. CVE-2018-6052 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6052.html CVE-2018-6052 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. CVE-2018-6053 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6053.html CVE-2018-6053 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2018-6054 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6054.html CVE-2018-6054 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-6056 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6056.html CVE-2018-6056 https://bugzilla.suse.com/1080920 SUSE Bug 1080920 Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. CVE-2018-6057 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6057.html CVE-2018-6057 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6060 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6060.html CVE-2018-6060 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6061 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6061.html CVE-2018-6061 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6062 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6062.html CVE-2018-6062 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6063 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6063.html CVE-2018-6063 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6064 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6064.html CVE-2018-6064 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6065 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6065.html CVE-2018-6065 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6066 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6066.html CVE-2018-6066 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6067 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6067.html CVE-2018-6067 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-6068 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6068.html CVE-2018-6068 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-6069 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6069.html CVE-2018-6069 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. CVE-2018-6070 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6070.html CVE-2018-6070 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-6071 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6071.html CVE-2018-6071 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2018-6072 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6072.html CVE-2018-6072 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6073 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6073.html CVE-2018-6073 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. CVE-2018-6074 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6074.html CVE-2018-6074 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. CVE-2018-6075 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6075.html CVE-2018-6075 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. CVE-2018-6076 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6076.html CVE-2018-6076 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6077 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6077.html CVE-2018-6077 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-6078 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6078.html CVE-2018-6078 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6079 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6079.html CVE-2018-6079 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . CVE-2018-6080 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6080.html CVE-2018-6080 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. CVE-2018-6081 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6081.html CVE-2018-6081 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. CVE-2018-6082 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6082.html CVE-2018-6082 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. CVE-2018-6083 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6083.html CVE-2018-6083 https://bugzilla.suse.com/1084296 SUSE Bug 1084296 Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2018-6085 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6085.html CVE-2018-6085 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2018-6086 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6086.html CVE-2018-6086 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-6087 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6087.html CVE-2018-6087 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. CVE-2018-6088 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6088.html CVE-2018-6088 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. CVE-2018-6089 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6089.html CVE-2018-6089 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-6090 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6090.html CVE-2018-6090 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6091 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6091.html CVE-2018-6091 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2018-6092 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6092.html CVE-2018-6092 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6093 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6093.html CVE-2018-6093 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6094 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6094.html CVE-2018-6094 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. CVE-2018-6095 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6095.html CVE-2018-6095 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. CVE-2018-6096 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6096.html CVE-2018-6096 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. CVE-2018-6097 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6097.html CVE-2018-6097 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6098 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6098.html CVE-2018-6098 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. CVE-2018-6099 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6099.html CVE-2018-6099 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6100 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6100.html CVE-2018-6100 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. CVE-2018-6101 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6101.html CVE-2018-6101 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2018-6102 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6102.html CVE-2018-6102 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. CVE-2018-6103 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6103.html CVE-2018-6103 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6104 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6104.html CVE-2018-6104 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6105 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6105.html CVE-2018-6105 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2018-6106 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6106.html CVE-2018-6106 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6107 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6107.html CVE-2018-6107 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. CVE-2018-6108 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6108.html CVE-2018-6108 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. CVE-2018-6109 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6109.html CVE-2018-6109 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. CVE-2018-6110 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6110.html CVE-2018-6110 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page. CVE-2018-6111 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6111.html CVE-2018-6111 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2018-6112 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6112.html CVE-2018-6112 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2018-6113 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6113.html CVE-2018-6113 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2018-6114 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6114.html CVE-2018-6114 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. CVE-2018-6115 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6115.html CVE-2018-6115 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2018-6116 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6116.html CVE-2018-6116 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2018-6117 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6117.html CVE-2018-6117 https://bugzilla.suse.com/1090000 SUSE Bug 1090000 A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. CVE-2018-6118 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6118.html CVE-2018-6118 https://bugzilla.suse.com/1091288 SUSE Bug 1091288 An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. CVE-2018-6120 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6120.html CVE-2018-6120 https://bugzilla.suse.com/1092923 SUSE Bug 1092923 Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. CVE-2018-6121 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6121.html CVE-2018-6121 https://bugzilla.suse.com/1092923 SUSE Bug 1092923 Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6122 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6122.html CVE-2018-6122 https://bugzilla.suse.com/1092923 SUSE Bug 1092923 A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6123 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6123.html CVE-2018-6123 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2018-6124 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6124.html CVE-2018-6124 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. CVE-2018-6125 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6125.html CVE-2018-6125 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6126 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6126.html CVE-2018-6126 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 https://bugzilla.suse.com/1096449 SUSE Bug 1096449 Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2018-6127 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6127.html CVE-2018-6127 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2018-6128 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6128.html CVE-2018-6128 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2018-6129 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6129.html CVE-2018-6129 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2018-6130 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6130.html CVE-2018-6130 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6131 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6131.html CVE-2018-6131 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. CVE-2018-6132 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6132.html CVE-2018-6132 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6133 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6133.html CVE-2018-6133 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. CVE-2018-6134 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6134.html CVE-2018-6134 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2018-6135 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6135.html CVE-2018-6135 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-6136 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6136.html CVE-2018-6136 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6137 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6137.html CVE-2018-6137 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2018-6138 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6138.html CVE-2018-6138 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. CVE-2018-6139 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6139.html CVE-2018-6139 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. CVE-2018-6140 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6140.html CVE-2018-6140 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. CVE-2018-6141 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6141.html CVE-2018-6141 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. CVE-2018-6142 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6142.html CVE-2018-6142 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2018-6143 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6143.html CVE-2018-6143 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. CVE-2018-6144 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6144.html CVE-2018-6144 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2018-6145 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6145.html CVE-2018-6145 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. CVE-2018-6147 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6147.html CVE-2018-6147 https://bugzilla.suse.com/1095163 SUSE Bug 1095163 Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2018-6148 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6148.html CVE-2018-6148 https://bugzilla.suse.com/1096508 SUSE Bug 1096508 Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6149 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6149.html CVE-2018-6149 https://bugzilla.suse.com/1097452 SUSE Bug 1097452 A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6153 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6153.html CVE-2018-6153 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6154 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6154.html CVE-2018-6154 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVE-2018-6155 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6155.html CVE-2018-6155 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVE-2018-6156 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6156.html CVE-2018-6156 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. CVE-2018-6157 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6157.html CVE-2018-6157 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6158 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6158.html CVE-2018-6158 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2018-6159 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6159.html CVE-2018-6159 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-6160 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6160.html CVE-2018-6160 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2018-6161 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6161.html CVE-2018-6161 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6162 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6162.html CVE-2018-6162 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6163 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6163.html CVE-2018-6163 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6164 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6164.html CVE-2018-6164 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-6165 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6165.html CVE-2018-6165 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6166 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6166.html CVE-2018-6166 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6167 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6167.html CVE-2018-6167 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2018-6168 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6168.html CVE-2018-6168 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page. CVE-2018-6169 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6169.html CVE-2018-6169 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2018-6170 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6170.html CVE-2018-6170 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. CVE-2018-6171 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 2.9 AV:A/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6171.html CVE-2018-6171 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6172 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6172.html CVE-2018-6172 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6173 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6173.html CVE-2018-6173 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2018-6174 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6174.html CVE-2018-6174 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6175 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6175.html CVE-2018-6175 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension. CVE-2018-6176 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6176.html CVE-2018-6176 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6177 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6177.html CVE-2018-6177 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. CVE-2018-6178 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6178.html CVE-2018-6178 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. CVE-2018-6179 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6179.html CVE-2018-6179 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. CVE-2018-6406 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6406.html CVE-2018-6406 https://bugzilla.suse.com/1078463 SUSE Bug 1078463 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13659 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13659.html CVE-2019-13659 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. CVE-2019-13660 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13660.html CVE-2019-13660 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. CVE-2019-13661 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13661.html CVE-2019-13661 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-13662 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13662.html CVE-2019-13662 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13663 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13663.html CVE-2019-13663 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-13664 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13664.html CVE-2019-13664 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. CVE-2019-13665 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13665.html CVE-2019-13665 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13666 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13666.html CVE-2019-13666 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13667 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13667.html CVE-2019-13667 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13668 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13668.html CVE-2019-13668 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13669 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13669.html CVE-2019-13669 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13670 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13670.html CVE-2019-13670 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2019-13671 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13671.html CVE-2019-13671 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13673 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13673.html CVE-2019-13673 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13674 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13674.html CVE-2019-13674 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. CVE-2019-13675 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13675.html CVE-2019-13675 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13676 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13676.html CVE-2019-13676 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2019-13677 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13677.html CVE-2019-13677 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13678 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13678.html CVE-2019-13678 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. CVE-2019-13679 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13679.html CVE-2019-13679 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections. CVE-2019-13680 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13680.html CVE-2019-13680 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. CVE-2019-13681 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13681.html CVE-2019-13681 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2019-13682 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13682.html CVE-2019-13682 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13683 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13683.html CVE-2019-13683 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13685 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13685.html CVE-2019-13685 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13686 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13686.html CVE-2019-13686 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13687 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13687.html CVE-2019-13687 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13688 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13688.html CVE-2019-13688 https://bugzilla.suse.com/1151229 SUSE Bug 1151229 Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. CVE-2019-13693 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13693.html CVE-2019-13693 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13694 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13694.html CVE-2019-13694 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13695 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13695.html CVE-2019-13695 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13696 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13696.html CVE-2019-13696 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13697 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13697.html CVE-2019-13697 https://bugzilla.suse.com/1153660 SUSE Bug 1153660 Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13699 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13699.html CVE-2019-13699 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13700 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13700.html CVE-2019-13700 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13701 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13701.html CVE-2019-13701 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. CVE-2019-13702 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13702.html CVE-2019-13702 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13703 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13703.html CVE-2019-13703 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-13704 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13704.html CVE-2019-13704 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. CVE-2019-13705 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13705.html CVE-2019-13705 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-13706 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13706.html CVE-2019-13706 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application. CVE-2019-13707 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13707.html CVE-2019-13707 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13708 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13708.html CVE-2019-13708 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. CVE-2019-13709 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13709.html CVE-2019-13709 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. CVE-2019-13710 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13710.html CVE-2019-13710 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13711 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13711.html CVE-2019-13711 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13713 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13713.html CVE-2019-13713 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL. CVE-2019-13714 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13714.html CVE-2019-13714 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13715 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13715.html CVE-2019-13715 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-13716 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13716.html CVE-2019-13716 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. CVE-2019-13717 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13717.html CVE-2019-13717 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13718 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13718.html CVE-2019-13718 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. CVE-2019-13719 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13719.html CVE-2019-13719 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13720 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13720.html CVE-2019-13720 https://bugzilla.suse.com/1155643 SUSE Bug 1155643 Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13721 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13721.html CVE-2019-13721 https://bugzilla.suse.com/1155643 SUSE Bug 1155643 Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13723 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13723.html CVE-2019-13723 https://bugzilla.suse.com/1157269 SUSE Bug 1157269 Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13724 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13724.html CVE-2019-13724 https://bugzilla.suse.com/1157269 SUSE Bug 1157269 Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2019-13725 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13725.html CVE-2019-13725 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2019-13726 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13726.html CVE-2019-13726 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2019-13727 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13727.html CVE-2019-13727 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13728 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13728.html CVE-2019-13728 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13729 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13729.html CVE-2019-13729 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13730 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13730.html CVE-2019-13730 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13732 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13732.html CVE-2019-13732 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13734 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13734.html CVE-2019-13734 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2019-13735 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13735.html CVE-2019-13735 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-13736 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13736.html CVE-2019-13736 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13737 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13737.html CVE-2019-13737 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2019-13738 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13738.html CVE-2019-13738 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13739 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13739.html CVE-2019-13739 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13740 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13740.html CVE-2019-13740 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. CVE-2019-13741 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13741.html CVE-2019-13741 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-13742 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13742.html CVE-2019-13742 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2019-13743 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13743.html CVE-2019-13743 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13744 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13744.html CVE-2019-13744 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-13745 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13745.html CVE-2019-13745 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13746 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13746.html CVE-2019-13746 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13747 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13747.html CVE-2019-13747 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13748 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13748.html CVE-2019-13748 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-13749 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13749.html CVE-2019-13749 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. CVE-2019-13750 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13750.html CVE-2019-13750 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13751 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13751.html CVE-2019-13751 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13752 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13752.html CVE-2019-13752 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-13753 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13753.html CVE-2019-13753 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-13754 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13754.html CVE-2019-13754 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. CVE-2019-13755 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13755.html CVE-2019-13755 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13756 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13756.html CVE-2019-13756 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13757 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13757.html CVE-2019-13757 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-13758 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13758.html CVE-2019-13758 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-13759 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13759.html CVE-2019-13759 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2019-13761 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13761.html CVE-2019-13761 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. CVE-2019-13762 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13762.html CVE-2019-13762 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. CVE-2019-13763 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13763.html CVE-2019-13763 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13764 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13764.html CVE-2019-13764 https://bugzilla.suse.com/1158982 SUSE Bug 1158982 Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2019-13767 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-13767.html CVE-2019-13767 https://bugzilla.suse.com/1159498 SUSE Bug 1159498 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. CVE-2019-15903 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-15903.html CVE-2019-15903 https://bugzilla.suse.com/1149429 SUSE Bug 1149429 https://bugzilla.suse.com/1154738 SUSE Bug 1154738 https://bugzilla.suse.com/1154806 SUSE Bug 1154806 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. CVE-2019-18197 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-18197.html CVE-2019-18197 https://bugzilla.suse.com/1154609 SUSE Bug 1154609 https://bugzilla.suse.com/1157028 SUSE Bug 1157028 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1190108 SUSE Bug 1190108 exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. CVE-2019-19880 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19880.html CVE-2019-19880 https://bugzilla.suse.com/1159491 SUSE Bug 1159491 https://bugzilla.suse.com/1159715 SUSE Bug 1159715 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). CVE-2019-19923 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19923.html CVE-2019-19923 https://bugzilla.suse.com/1160309 SUSE Bug 1160309 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. CVE-2019-19926 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-19926.html CVE-2019-19926 https://bugzilla.suse.com/1159491 SUSE Bug 1159491 https://bugzilla.suse.com/1159715 SUSE Bug 1159715 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. CVE-2019-20503 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-20503.html CVE-2019-20503 https://bugzilla.suse.com/1166238 SUSE Bug 1166238 https://bugzilla.suse.com/1167090 SUSE Bug 1167090 Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. CVE-2019-5754 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5754.html CVE-2019-5754 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. CVE-2019-5755 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5755.html CVE-2019-5755 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. CVE-2019-5756 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5756.html CVE-2019-5756 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2019-5757 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5757.html CVE-2019-5757 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5758 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5758.html CVE-2019-5758 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2019-5759 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5759.html CVE-2019-5759 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5760 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5760.html CVE-2019-5760 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5761 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5761.html CVE-2019-5761 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. CVE-2019-5762 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5762.html CVE-2019-5762 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5763 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5763.html CVE-2019-5763 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5764 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5764.html CVE-2019-5764 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. CVE-2019-5765 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5765.html CVE-2019-5765 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5766 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5766.html CVE-2019-5766 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. CVE-2019-5767 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5767.html CVE-2019-5767 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. CVE-2019-5768 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5768.html CVE-2019-5768 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5769 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5769.html CVE-2019-5769 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2019-5770 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5770.html CVE-2019-5770 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2019-5771 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5771.html CVE-2019-5771 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5772 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5772.html CVE-2019-5772 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. CVE-2019-5773 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5773.html CVE-2019-5773 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. CVE-2019-5774 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5774.html CVE-2019-5774 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-5775 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5775.html CVE-2019-5775 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-5776 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5776.html CVE-2019-5776 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-5777 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5777.html CVE-2019-5777 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. CVE-2019-5778 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5778.html CVE-2019-5778 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5779 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5779.html CVE-2019-5779 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. CVE-2019-5780 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5780.html CVE-2019-5780 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. CVE-2019-5781 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5781.html CVE-2019-5781 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2019-5782 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5782.html CVE-2019-5782 https://bugzilla.suse.com/1123641 SUSE Bug 1123641 Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5784 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5784.html CVE-2019-5784 https://bugzilla.suse.com/1124936 SUSE Bug 1124936 Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2019-5786 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5786.html CVE-2019-5786 https://bugzilla.suse.com/1127602 SUSE Bug 1127602 Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5787 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5787.html CVE-2019-5787 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. CVE-2019-5788 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5788.html CVE-2019-5788 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. CVE-2019-5789 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5789.html CVE-2019-5789 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2019-5790 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5790.html CVE-2019-5790 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2019-5791 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5791.html CVE-2019-5791 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. CVE-2019-5792 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5792.html CVE-2019-5792 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. CVE-2019-5793 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5793.html CVE-2019-5793 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5794 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5794.html CVE-2019-5794 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. CVE-2019-5795 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5795.html CVE-2019-5795 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5796 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5796.html CVE-2019-5796 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5797 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5797.html CVE-2019-5797 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. CVE-2019-5798 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5798.html CVE-2019-5798 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 https://bugzilla.suse.com/1135824 SUSE Bug 1135824 Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-5799 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5799.html CVE-2019-5799 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-5800 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5800.html CVE-2019-5800 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5801 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5801.html CVE-2019-5801 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5802 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5802.html CVE-2019-5802 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2019-5803 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5803.html CVE-2019-5803 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name. CVE-2019-5804 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5804.html CVE-2019-5804 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5805 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5805.html CVE-2019-5805 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5806 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5806.html CVE-2019-5806 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5807 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5807.html CVE-2019-5807 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5808 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5808.html CVE-2019-5808 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. CVE-2019-5809 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5809.html CVE-2019-5809 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-5810 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5810.html CVE-2019-5810 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2019-5811 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5811.html CVE-2019-5811 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5812 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5812.html CVE-2019-5812 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5813 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5813.html CVE-2019-5813 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5814 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5814.html CVE-2019-5814 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. CVE-2019-5815 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5815.html CVE-2019-5815 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. CVE-2019-5816 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5816.html CVE-2019-5816 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5817 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5817.html CVE-2019-5817 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. CVE-2019-5818 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5818.html CVE-2019-5818 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. CVE-2019-5819 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5819.html CVE-2019-5819 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5820 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5820.html CVE-2019-5820 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5821 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5821.html CVE-2019-5821 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2019-5822 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5822.html CVE-2019-5822 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5823 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5823.html CVE-2019-5823 https://bugzilla.suse.com/1133313 SUSE Bug 1133313 Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5824 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5824.html CVE-2019-5824 https://bugzilla.suse.com/1134218 SUSE Bug 1134218 Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5827 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5827.html CVE-2019-5827 https://bugzilla.suse.com/1134218 SUSE Bug 1134218 Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2019-5828 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5828.html CVE-2019-5828 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2019-5829 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5829.html CVE-2019-5829 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5830 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5830.html CVE-2019-5830 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5831 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5831.html CVE-2019-5831 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5832 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5832.html CVE-2019-5832 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. CVE-2019-5833 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5833.html CVE-2019-5833 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2019-5834 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5834.html CVE-2019-5834 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2019-5835 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5835.html CVE-2019-5835 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5836 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5836.html CVE-2019-5836 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5837 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5837.html CVE-2019-5837 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. CVE-2019-5838 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5838.html CVE-2019-5838 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. CVE-2019-5839 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5839.html CVE-2019-5839 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5840 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5840.html CVE-2019-5840 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5842 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5842.html CVE-2019-5842 https://bugzilla.suse.com/1137332 SUSE Bug 1137332 https://bugzilla.suse.com/1138287 SUSE Bug 1138287 Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5844 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5844.html CVE-2019-5844 https://bugzilla.suse.com/1129059 SUSE Bug 1129059 Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5847 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5847.html CVE-2019-5847 https://bugzilla.suse.com/1141649 SUSE Bug 1141649 Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-5848 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5848.html CVE-2019-5848 https://bugzilla.suse.com/1141649 SUSE Bug 1141649 Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2019-5850 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5850.html CVE-2019-5850 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5851 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5851.html CVE-2019-5851 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-5852 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5852.html CVE-2019-5852 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5853 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5853.html CVE-2019-5853 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5854 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5854.html CVE-2019-5854 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5855 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5855.html CVE-2019-5855 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2019-5856 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5856.html CVE-2019-5856 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. CVE-2019-5857 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5857.html CVE-2019-5857 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page. CVE-2019-5858 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5858.html CVE-2019-5858 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5859 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5859.html CVE-2019-5859 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5860 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5860.html CVE-2019-5860 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. CVE-2019-5861 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5861.html CVE-2019-5861 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2019-5862 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5862.html CVE-2019-5862 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2019-5863 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5863.html CVE-2019-5863 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. CVE-2019-5864 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5864.html CVE-2019-5864 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2019-5865 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5865.html CVE-2019-5865 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5867 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5867.html CVE-2019-5867 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 https://bugzilla.suse.com/1145242 SUSE Bug 1145242 Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2019-5868 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5868.html CVE-2019-5868 https://bugzilla.suse.com/1143492 SUSE Bug 1143492 https://bugzilla.suse.com/1145242 SUSE Bug 1145242 Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5869 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5869.html CVE-2019-5869 https://bugzilla.suse.com/1149143 SUSE Bug 1149143 Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2019-5870 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5870.html CVE-2019-5870 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5871 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5871.html CVE-2019-5871 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5872 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5872.html CVE-2019-5872 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2019-5874 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5874.html CVE-2019-5874 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2019-5875 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5875.html CVE-2019-5875 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5876 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5876.html CVE-2019-5876 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5877 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5877.html CVE-2019-5877 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2019-5878 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5878.html CVE-2019-5878 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. CVE-2019-5879 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5879.html CVE-2019-5879 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2019-5880 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5880.html CVE-2019-5880 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2019-5881 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5881.html CVE-2019-5881 https://bugzilla.suse.com/1150425 SUSE Bug 1150425 Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. CVE-2019-8075 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-8075.html CVE-2019-8075 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2020-0561 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-0561.html CVE-2020-0561 Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering. CVE-2020-15959 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15959.html CVE-2020-15959 https://bugzilla.suse.com/1176306 SUSE Bug 1176306 Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2020-15960 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15960.html CVE-2020-15960 https://bugzilla.suse.com/1176791 SUSE Bug 1176791 https://bugzilla.suse.com/1176799 SUSE Bug 1176799 Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-15961 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15961.html CVE-2020-15961 https://bugzilla.suse.com/1176791 SUSE Bug 1176791 https://bugzilla.suse.com/1176799 SUSE Bug 1176799 Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2020-15962 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15962.html CVE-2020-15962 https://bugzilla.suse.com/1176791 SUSE Bug 1176791 https://bugzilla.suse.com/1176799 SUSE Bug 1176799 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-15963 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15963.html CVE-2020-15963 https://bugzilla.suse.com/1176791 SUSE Bug 1176791 https://bugzilla.suse.com/1176799 SUSE Bug 1176799 Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15964 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15964.html CVE-2020-15964 https://bugzilla.suse.com/1176791 SUSE Bug 1176791 https://bugzilla.suse.com/1176799 SUSE Bug 1176799 Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2020-15965 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15965.html CVE-2020-15965 https://bugzilla.suse.com/1176791 SUSE Bug 1176791 https://bugzilla.suse.com/1176799 SUSE Bug 1176799 Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. CVE-2020-15966 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15966.html CVE-2020-15966 https://bugzilla.suse.com/1176791 SUSE Bug 1176791 https://bugzilla.suse.com/1176799 SUSE Bug 1176799 Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15967 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15967.html CVE-2020-15967 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15968 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15968.html CVE-2020-15968 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15969 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15969.html CVE-2020-15969 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 https://bugzilla.suse.com/1177872 SUSE Bug 1177872 https://bugzilla.suse.com/1177977 SUSE Bug 1177977 Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15970 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15970.html CVE-2020-15970 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15971 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15971.html CVE-2020-15971 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15972 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15972.html CVE-2020-15972 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. CVE-2020-15973 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15973.html CVE-2020-15973 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2020-15974 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15974.html CVE-2020-15974 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15975 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15975.html CVE-2020-15975 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15976 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15976.html CVE-2020-15976 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. CVE-2020-15977 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15977.html CVE-2020-15977 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. CVE-2020-15978 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15978.html CVE-2020-15978 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15979 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15979.html CVE-2020-15979 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. CVE-2020-15980 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15980.html CVE-2020-15980 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-15981 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15981.html CVE-2020-15981 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-15982 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15982.html CVE-2020-15982 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. CVE-2020-15983 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15983.html CVE-2020-15983 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. CVE-2020-15984 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15984.html CVE-2020-15984 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-15985 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15985.html CVE-2020-15985 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15986 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15986.html CVE-2020-15986 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. CVE-2020-15987 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15987.html CVE-2020-15987 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted HTML page. CVE-2020-15988 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15988.html CVE-2020-15988 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. CVE-2020-15989 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15989.html CVE-2020-15989 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15990 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15990.html CVE-2020-15990 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-15991 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15991.html CVE-2020-15991 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. CVE-2020-15992 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15992.html CVE-2020-15992 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15995 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15995.html CVE-2020-15995 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-15999 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15999.html CVE-2020-15999 https://bugzilla.suse.com/1177914 SUSE Bug 1177914 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 https://bugzilla.suse.com/1178824 SUSE Bug 1178824 https://bugzilla.suse.com/1178894 SUSE Bug 1178894 Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16000 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16000.html CVE-2020-16000 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16001 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16001.html CVE-2020-16001 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-16002 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16002.html CVE-2020-16002 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16003 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16003.html CVE-2020-16003 https://bugzilla.suse.com/1177936 SUSE Bug 1177936 Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16004 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16004.html CVE-2020-16004 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16005 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16005.html CVE-2020-16005 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16006 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16006.html CVE-2020-16006 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. CVE-2020-16007 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16007.html CVE-2020-16007 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. CVE-2020-16008 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16008.html CVE-2020-16008 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16009 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16009.html CVE-2020-16009 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16011 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16011.html CVE-2020-16011 https://bugzilla.suse.com/1178375 SUSE Bug 1178375 Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-16012 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16012.html CVE-2020-16012 https://bugzilla.suse.com/1178824 SUSE Bug 1178824 https://bugzilla.suse.com/1178894 SUSE Bug 1178894 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16013 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16013.html CVE-2020-16013 https://bugzilla.suse.com/1178703 SUSE Bug 1178703 Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16014 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16014.html CVE-2020-16014 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16015 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16015.html CVE-2020-16015 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16016 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16016.html CVE-2020-16016 https://bugzilla.suse.com/1178630 SUSE Bug 1178630 Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16017 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16017.html CVE-2020-16017 https://bugzilla.suse.com/1178703 SUSE Bug 1178703 Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16018 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16018.html CVE-2020-16018 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file. CVE-2020-16019 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16019.html CVE-2020-16019 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass discretionary access control via a malicious file. CVE-2020-16020 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16020.html CVE-2020-16020 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file. CVE-2020-16021 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16021.html CVE-2020-16021 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML page. CVE-2020-16022 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16022.html CVE-2020-16022 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16023 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16023.html CVE-2020-16023 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16024 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16024.html CVE-2020-16024 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-16025 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16025.html CVE-2020-16025 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16026 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16026.html CVE-2020-16026 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension. CVE-2020-16027 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16027.html CVE-2020-16027 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16028 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16028.html CVE-2020-16028 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. CVE-2020-16029 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16029.html CVE-2020-16029 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. CVE-2020-16030 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16030.html CVE-2020-16030 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-16031 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16031.html CVE-2020-16031 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-16032 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16032.html CVE-2020-16032 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-16033 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16033.html CVE-2020-16033 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page. CVE-2020-16034 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16034.html CVE-2020-16034 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file. CVE-2020-16035 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16035.html CVE-2020-16035 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page. CVE-2020-16036 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16036.html CVE-2020-16036 https://bugzilla.suse.com/1178923 SUSE Bug 1178923 Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16037 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16037.html CVE-2020-16037 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16038 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16038.html CVE-2020-16038 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16039 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16039.html CVE-2020-16039 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-16040 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16040.html CVE-2020-16040 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-16041 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16041.html CVE-2020-16041 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-16042 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16042.html CVE-2020-16042 https://bugzilla.suse.com/1179576 SUSE Bug 1179576 https://bugzilla.suse.com/1180039 SUSE Bug 1180039 Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. CVE-2020-16043 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16043.html CVE-2020-16043 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. CVE-2020-16044 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16044.html CVE-2020-16044 https://bugzilla.suse.com/1180623 SUSE Bug 1180623 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. CVE-2020-27844 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 8.3 AV:N/AC:M/Au:N/C:P/I:P/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-27844.html CVE-2020-27844 https://bugzilla.suse.com/1180045 SUSE Bug 1180045 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6377 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6377.html CVE-2020-6377 https://bugzilla.suse.com/1160337 SUSE Bug 1160337 Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6378 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6378.html CVE-2020-6378 https://bugzilla.suse.com/1161252 SUSE Bug 1161252 Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6379 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6379.html CVE-2020-6379 https://bugzilla.suse.com/1161252 SUSE Bug 1161252 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension. CVE-2020-6380 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6380.html CVE-2020-6380 https://bugzilla.suse.com/1161252 SUSE Bug 1161252 Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6381 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6381.html CVE-2020-6381 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6382 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6382.html CVE-2020-6382 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2020-6385 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6385.html CVE-2020-6385 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. CVE-2020-6387 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6387.html CVE-2020-6387 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6388 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6388.html CVE-2020-6388 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. CVE-2020-6389 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6389.html CVE-2020-6389 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6390 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6390.html CVE-2020-6390 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. CVE-2020-6391 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6391.html CVE-2020-6391 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2020-6392 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6392.html CVE-2020-6392 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6393 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6393.html CVE-2020-6393 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6394 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6394.html CVE-2020-6394 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6395 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6395.html CVE-2020-6395 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-6396 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6396.html CVE-2020-6396 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6397 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6397.html CVE-2020-6397 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-6398 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6398.html CVE-2020-6398 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6399 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6399.html CVE-2020-6399 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6400 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6400.html CVE-2020-6400 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2020-6401 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6401.html CVE-2020-6401 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. CVE-2020-6402 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6402.html CVE-2020-6402 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-6403 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6403.html CVE-2020-6403 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6404 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6404.html CVE-2020-6404 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6405 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6405.html CVE-2020-6405 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6406 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6406.html CVE-2020-6406 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6407 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6407.html CVE-2020-6407 https://bugzilla.suse.com/1164828 SUSE Bug 1164828 Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. CVE-2020-6408 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6408.html CVE-2020-6408 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name. CVE-2020-6409 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6409.html CVE-2020-6409 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. CVE-2020-6410 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6410.html CVE-2020-6410 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2020-6411 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6411.html CVE-2020-6411 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2020-6412 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6412.html CVE-2020-6412 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. CVE-2020-6413 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6413.html CVE-2020-6413 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6414 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6414.html CVE-2020-6414 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6415 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6415.html CVE-2020-6415 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6416 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6416.html CVE-2020-6416 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. CVE-2020-6417 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6417.html CVE-2020-6417 https://bugzilla.suse.com/1162833 SUSE Bug 1162833 Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6418 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6418.html CVE-2020-6418 https://bugzilla.suse.com/1164828 SUSE Bug 1164828 Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2020-6420 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6420.html CVE-2020-6420 https://bugzilla.suse.com/1165826 SUSE Bug 1165826 Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6422 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6422.html CVE-2020-6422 https://bugzilla.suse.com/1167090 SUSE Bug 1167090 Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6423 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6423.html CVE-2020-6423 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6424 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6424.html CVE-2020-6424 https://bugzilla.suse.com/1167090 SUSE Bug 1167090 Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. CVE-2020-6425 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6425.html CVE-2020-6425 https://bugzilla.suse.com/1167090 SUSE Bug 1167090 Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6426 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6426.html CVE-2020-6426 https://bugzilla.suse.com/1167090 SUSE Bug 1167090 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6427 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6427.html CVE-2020-6427 https://bugzilla.suse.com/1167090 SUSE Bug 1167090 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6428 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6428.html CVE-2020-6428 https://bugzilla.suse.com/1167090 SUSE Bug 1167090 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6429 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6429.html CVE-2020-6429 https://bugzilla.suse.com/1167090 SUSE Bug 1167090 Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6430 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6430.html CVE-2020-6430 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6431 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6431.html CVE-2020-6431 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6432 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6432.html CVE-2020-6432 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6433 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6433.html CVE-2020-6433 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6434 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6434.html CVE-2020-6434 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. CVE-2020-6435 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6435.html CVE-2020-6435 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6436 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6436.html CVE-2020-6436 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. CVE-2020-6437 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6437.html CVE-2020-6437 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. CVE-2020-6438 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6438.html CVE-2020-6438 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. CVE-2020-6439 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6439.html CVE-2020-6439 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. CVE-2020-6440 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6440.html CVE-2020-6440 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. CVE-2020-6441 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6441.html CVE-2020-6441 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6442 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6442.html CVE-2020-6442 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. CVE-2020-6443 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6443.html CVE-2020-6443 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6444 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6444.html CVE-2020-6444 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6445 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6445.html CVE-2020-6445 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6446 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6446.html CVE-2020-6446 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6447 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6447.html CVE-2020-6447 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6448 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6448.html CVE-2020-6448 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6449 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6449.html CVE-2020-6449 https://bugzilla.suse.com/1167090 SUSE Bug 1167090 Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6450 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6450.html CVE-2020-6450 https://bugzilla.suse.com/1168421 SUSE Bug 1168421 Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6451 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6451.html CVE-2020-6451 https://bugzilla.suse.com/1168421 SUSE Bug 1168421 Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6452 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6452.html CVE-2020-6452 https://bugzilla.suse.com/1168421 SUSE Bug 1168421 Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2020-6454 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6454.html CVE-2020-6454 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6455 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6455.html CVE-2020-6455 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. CVE-2020-6456 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6456.html CVE-2020-6456 https://bugzilla.suse.com/1168911 SUSE Bug 1168911 Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6457 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6457.html CVE-2020-6457 https://bugzilla.suse.com/1169729 SUSE Bug 1169729 Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-6458 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6458.html CVE-2020-6458 https://bugzilla.suse.com/1170107 SUSE Bug 1170107 Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6459 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6459.html CVE-2020-6459 https://bugzilla.suse.com/1170107 SUSE Bug 1170107 Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. CVE-2020-6460 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6460.html CVE-2020-6460 https://bugzilla.suse.com/1170107 SUSE Bug 1170107 Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6462 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6462.html CVE-2020-6462 https://bugzilla.suse.com/1170707 SUSE Bug 1170707 Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6463 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6463.html CVE-2020-6463 https://bugzilla.suse.com/1171975 SUSE Bug 1171975 https://bugzilla.suse.com/1174538 SUSE Bug 1174538 Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6464 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6464.html CVE-2020-6464 https://bugzilla.suse.com/1171247 SUSE Bug 1171247 Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6465 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6465.html CVE-2020-6465 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6466 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6466.html CVE-2020-6466 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6467 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6467.html CVE-2020-6467 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6468 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6468.html CVE-2020-6468 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6469 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6469.html CVE-2020-6469 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. CVE-2020-6470 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6470.html CVE-2020-6470 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6471 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6471.html CVE-2020-6471 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. CVE-2020-6472 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6472.html CVE-2020-6472 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6473 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6473.html CVE-2020-6473 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6474 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6474.html CVE-2020-6474 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6475 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6475.html CVE-2020-6475 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2020-6476 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6476.html CVE-2020-6476 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. CVE-2020-6477 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6477.html CVE-2020-6477 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6478 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6478.html CVE-2020-6478 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2020-6479 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6479.html CVE-2020-6479 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions. CVE-2020-6480 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6480.html CVE-2020-6480 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name. CVE-2020-6481 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6481.html CVE-2020-6481 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2020-6482 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6482.html CVE-2020-6482 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6483 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6483.html CVE-2020-6483 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. CVE-2020-6484 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6484.html CVE-2020-6484 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. CVE-2020-6485 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6485.html CVE-2020-6485 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6486 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6486.html CVE-2020-6486 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6487 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6487.html CVE-2020-6487 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6488 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6488.html CVE-2020-6488 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. CVE-2020-6489 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6489.html CVE-2020-6489 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. CVE-2020-6490 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6490.html CVE-2020-6490 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. CVE-2020-6491 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6491.html CVE-2020-6491 https://bugzilla.suse.com/1171910 SUSE Bug 1171910 Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6493 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6493.html CVE-2020-6493 https://bugzilla.suse.com/1172496 SUSE Bug 1172496 Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-6494 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6494.html CVE-2020-6494 https://bugzilla.suse.com/1172496 SUSE Bug 1172496 Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6495 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6495.html CVE-2020-6495 https://bugzilla.suse.com/1172496 SUSE Bug 1172496 Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6496 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6496.html CVE-2020-6496 https://bugzilla.suse.com/1172496 SUSE Bug 1172496 Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6505 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6505.html CVE-2020-6505 https://bugzilla.suse.com/1173029 SUSE Bug 1173029 Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page. CVE-2020-6506 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6506.html CVE-2020-6506 https://bugzilla.suse.com/1173029 SUSE Bug 1173029 Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6507 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6507.html CVE-2020-6507 https://bugzilla.suse.com/1173029 SUSE Bug 1173029 Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6509 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6509.html CVE-2020-6509 https://bugzilla.suse.com/1173251 SUSE Bug 1173251 Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6510 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6510.html CVE-2020-6510 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6511 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6511.html CVE-2020-6511 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6512 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6512.html CVE-2020-6512 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-6513 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6513.html CVE-2020-6513 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. CVE-2020-6514 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6514.html CVE-2020-6514 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 https://bugzilla.suse.com/1174538 SUSE Bug 1174538 Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6515 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6515.html CVE-2020-6515 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6516 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6516.html CVE-2020-6516 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6517 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6517.html CVE-2020-6517 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6518 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6518.html CVE-2020-6518 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6519 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6519.html CVE-2020-6519 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6520 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6520.html CVE-2020-6520 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6521 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6521.html CVE-2020-6521 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6522 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6522.html CVE-2020-6522 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6523 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6523.html CVE-2020-6523 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6524 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6524.html CVE-2020-6524 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6525 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6525.html CVE-2020-6525 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6526 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6526.html CVE-2020-6526 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6527 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6527.html CVE-2020-6527 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-6528 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6528.html CVE-2020-6528 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. CVE-2020-6529 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6529.html CVE-2020-6529 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2020-6530 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6530.html CVE-2020-6530 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6531 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6531.html CVE-2020-6531 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6532 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6532.html CVE-2020-6532 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6533 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6533.html CVE-2020-6533 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6534 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6534.html CVE-2020-6534 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2020-6535 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6535.html CVE-2020-6535 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. CVE-2020-6536 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6536.html CVE-2020-6536 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2020-6537 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6537.html CVE-2020-6537 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6538 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6538.html CVE-2020-6538 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6539 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6539.html CVE-2020-6539 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6540 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6540.html CVE-2020-6540 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6541 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6541.html CVE-2020-6541 https://bugzilla.suse.com/1174582 SUSE Bug 1174582 Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6542 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6542.html CVE-2020-6542 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6543 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6543.html CVE-2020-6543 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6544 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6544.html CVE-2020-6544 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6545 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6545.html CVE-2020-6545 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. CVE-2020-6546 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6546.html CVE-2020-6546 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page. CVE-2020-6547 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6547.html CVE-2020-6547 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6548 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6548.html CVE-2020-6548 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6549 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6549.html CVE-2020-6549 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6550 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6550.html CVE-2020-6550 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6551 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6551.html CVE-2020-6551 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6552 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6552.html CVE-2020-6552 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6553 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6553.html CVE-2020-6553 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2020-6554 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6554.html CVE-2020-6554 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6555 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6555.html CVE-2020-6555 https://bugzilla.suse.com/1175085 SUSE Bug 1175085 Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6556 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6556.html CVE-2020-6556 https://bugzilla.suse.com/1175505 SUSE Bug 1175505 Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2020-6557 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6557.html CVE-2020-6557 https://bugzilla.suse.com/1177408 SUSE Bug 1177408 Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6558 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6558.html CVE-2020-6558 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6559 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6559.html CVE-2020-6559 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6560 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6560.html CVE-2020-6560 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6561 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6561.html CVE-2020-6561 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6562 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6562.html CVE-2020-6562 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. CVE-2020-6563 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6563.html CVE-2020-6563 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. CVE-2020-6564 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6564.html CVE-2020-6564 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-6565 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6565.html CVE-2020-6565 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6566 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6566.html CVE-2020-6566 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6567 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6567.html CVE-2020-6567 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6568 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6568.html CVE-2020-6568 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6569 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6569.html CVE-2020-6569 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. CVE-2020-6570 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6570.html CVE-2020-6570 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2020-6571 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6571.html CVE-2020-6571 https://bugzilla.suse.com/1175757 SUSE Bug 1175757 Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6573 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6573.html CVE-2020-6573 https://bugzilla.suse.com/1176306 SUSE Bug 1176306 Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. CVE-2020-6574 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6574.html CVE-2020-6574 https://bugzilla.suse.com/1176306 SUSE Bug 1176306 Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6575 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6575.html CVE-2020-6575 https://bugzilla.suse.com/1176306 SUSE Bug 1176306 Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6576 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6576.html CVE-2020-6576 https://bugzilla.suse.com/1176306 SUSE Bug 1176306 A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. CVE-2020-6831 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6831.html CVE-2020-6831 https://bugzilla.suse.com/1171186 SUSE Bug 1171186 https://bugzilla.suse.com/1171247 SUSE Bug 1171247 Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21106 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21106.html CVE-2021-21106 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21107 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21107.html CVE-2021-21107 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21108 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21108.html CVE-2021-21108 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21109 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21109.html CVE-2021-21109 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21110 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21110.html CVE-2021-21110 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2021-21111 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21111.html CVE-2021-21111 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21112 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21112.html CVE-2021-21112 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21113 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21113.html CVE-2021-21113 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21114 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21114.html CVE-2021-21114 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21115 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21115.html CVE-2021-21115 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21116 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21116.html CVE-2021-21116 https://bugzilla.suse.com/1180645 SUSE Bug 1180645 Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file. CVE-2021-21117 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21117.html CVE-2021-21117 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-21118 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21118.html CVE-2021-21118 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21119 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21119.html CVE-2021-21119 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21120 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21120.html CVE-2021-21120 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21121 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21121.html CVE-2021-21121 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21122 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21122.html CVE-2021-21122 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21123 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21123.html CVE-2021-21123 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21124 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21124.html CVE-2021-21124 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21125 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21125.html CVE-2021-21125 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. CVE-2021-21126 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21126.html CVE-2021-21126 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension. CVE-2021-21127 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21127.html CVE-2021-21127 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21128 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21128.html CVE-2021-21128 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21129 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21129.html CVE-2021-21129 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21130 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21130.html CVE-2021-21130 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21131 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21131.html CVE-2021-21131 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2021-21132 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21132.html CVE-2021-21132 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page. CVE-2021-21133 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21133.html CVE-2021-21133 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2021-21134 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21134.html CVE-2021-21134 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21135 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21135.html CVE-2021-21135 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21136 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21136.html CVE-2021-21136 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. CVE-2021-21137 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21137.html CVE-2021-21137 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file. CVE-2021-21138 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21138.html CVE-2021-21138 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-21139 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21139.html CVE-2021-21139 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. CVE-2021-21140 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21140.html CVE-2021-21140 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. CVE-2021-21141 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21141.html CVE-2021-21141 https://bugzilla.suse.com/1181137 SUSE Bug 1181137 Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21142 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21142.html CVE-2021-21142 https://bugzilla.suse.com/1181772 SUSE Bug 1181772 Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2021-21143 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21143.html CVE-2021-21143 https://bugzilla.suse.com/1181772 SUSE Bug 1181772 Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2021-21144 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21144.html CVE-2021-21144 https://bugzilla.suse.com/1181772 SUSE Bug 1181772 Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21145 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21145.html CVE-2021-21145 https://bugzilla.suse.com/1181772 SUSE Bug 1181772 Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21146 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21146.html CVE-2021-21146 https://bugzilla.suse.com/1181772 SUSE Bug 1181772 Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-21147 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21147.html CVE-2021-21147 https://bugzilla.suse.com/1181772 SUSE Bug 1181772 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21148 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21148.html CVE-2021-21148 https://bugzilla.suse.com/1181827 SUSE Bug 1181827 Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2021-21149 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21149.html CVE-2021-21149 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21150 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21150.html CVE-2021-21150 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21151 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21151.html CVE-2021-21151 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21152 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21152.html CVE-2021-21152 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-21153 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21153.html CVE-2021-21153 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21154 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21154.html CVE-2021-21154 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21155 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21155.html CVE-2021-21155 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. CVE-2021-21156 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21156.html CVE-2021-21156 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21157 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21157.html CVE-2021-21157 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21159 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21159.html CVE-2021-21159 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21160 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21160.html CVE-2021-21160 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21161 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21161.html CVE-2021-21161 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21162 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21162.html CVE-2021-21162 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. CVE-2021-21163 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21163.html CVE-2021-21163 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21164 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21164.html CVE-2021-21164 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21165 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21165.html CVE-2021-21165 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21166 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21166.html CVE-2021-21166 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21167 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21167.html CVE-2021-21167 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-21168 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21168.html CVE-2021-21168 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-21169 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21169.html CVE-2021-21169 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-21170 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21170.html CVE-2021-21170 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-21171 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21171.html CVE-2021-21171 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. CVE-2021-21172 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21172.html CVE-2021-21172 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21173 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21173.html CVE-2021-21173 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-21174 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21174.html CVE-2021-21174 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21175 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21175.html CVE-2021-21175 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-21176 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21176.html CVE-2021-21176 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-21177 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21177.html CVE-2021-21177 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-21178 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21178.html CVE-2021-21178 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21179 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21179.html CVE-2021-21179 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21180 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21180.html CVE-2021-21180 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-21181 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21181.html CVE-2021-21181 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. CVE-2021-21182 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21182.html CVE-2021-21182 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21183 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21183.html CVE-2021-21183 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21184 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21184.html CVE-2021-21184 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. CVE-2021-21185 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21185.html CVE-2021-21185 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. CVE-2021-21186 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21186.html CVE-2021-21186 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2021-21187 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21187.html CVE-2021-21187 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21188 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21188.html CVE-2021-21188 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-21189 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21189.html CVE-2021-21189 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. CVE-2021-21190 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21190.html CVE-2021-21190 https://bugzilla.suse.com/1182960 SUSE Bug 1182960 https://bugzilla.suse.com/1183514 SUSE Bug 1183514 Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21191 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21191.html CVE-2021-21191 https://bugzilla.suse.com/1183515 SUSE Bug 1183515 Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21192 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21192.html CVE-2021-21192 https://bugzilla.suse.com/1183515 SUSE Bug 1183515 Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21193 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21193.html CVE-2021-21193 https://bugzilla.suse.com/1183515 SUSE Bug 1183515 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21194 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21194.html CVE-2021-21194 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21195 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21195.html CVE-2021-21195 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21196 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21196.html CVE-2021-21196 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21197 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21197.html CVE-2021-21197 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21198 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21198.html CVE-2021-21198 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21199 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21199.html CVE-2021-21199 https://bugzilla.suse.com/1184256 SUSE Bug 1184256 Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21201 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21201.html CVE-2021-21201 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2021-21202 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21202.html CVE-2021-21202 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21203 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21203.html CVE-2021-21203 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21204 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21204.html CVE-2021-21204 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-21205 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21205.html CVE-2021-21205 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21206 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21206.html CVE-2021-21206 https://bugzilla.suse.com/1184700 SUSE Bug 1184700 Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. CVE-2021-21207 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21207.html CVE-2021-21207 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. CVE-2021-21208 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21208.html CVE-2021-21208 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21209 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21209.html CVE-2021-21209 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. CVE-2021-21210 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21210.html CVE-2021-21210 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-21211 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21211.html CVE-2021-21211 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. CVE-2021-21212 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21212.html CVE-2021-21212 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21213 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21213.html CVE-2021-21213 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2021-21214 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21214.html CVE-2021-21214 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2021-21215 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21215.html CVE-2021-21215 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. CVE-2021-21216 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21216.html CVE-2021-21216 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. CVE-2021-21217 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21217.html CVE-2021-21217 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. CVE-2021-21218 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21218.html CVE-2021-21218 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. CVE-2021-21219 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21219.html CVE-2021-21219 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21220 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21220.html CVE-2021-21220 https://bugzilla.suse.com/1184700 SUSE Bug 1184700 Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. CVE-2021-21221 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21221.html CVE-2021-21221 https://bugzilla.suse.com/1184764 SUSE Bug 1184764 Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2021-21222 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21222.html CVE-2021-21222 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21223 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21223.html CVE-2021-21223 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2021-21224 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21224.html CVE-2021-21224 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21225 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21225.html CVE-2021-21225 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21226 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21226.html CVE-2021-21226 https://bugzilla.suse.com/1185047 SUSE Bug 1185047 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21227 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21227.html CVE-2021-21227 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2021-21228 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21228.html CVE-2021-21228 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2021-21229 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21229.html CVE-2021-21229 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21230 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21230.html CVE-2021-21230 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21231 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21231.html CVE-2021-21231 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21232 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21232.html CVE-2021-21232 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21233 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-21233.html CVE-2021-21233 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2021-30506 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30506.html CVE-2021-30506 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2021-30507 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30507.html CVE-2021-30507 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30508 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30508.html CVE-2021-30508 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension. CVE-2021-30509 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30509.html CVE-2021-30509 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30510 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30510.html CVE-2021-30510 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. CVE-2021-30511 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30511.html CVE-2021-30511 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30512 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30512.html CVE-2021-30512 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30513 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30513.html CVE-2021-30513 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30514 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30514.html CVE-2021-30514 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30515 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30515.html CVE-2021-30515 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30516 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30516.html CVE-2021-30516 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30517 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30517.html CVE-2021-30517 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30518 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30518.html CVE-2021-30518 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30519 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30519.html CVE-2021-30519 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30520 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30520.html CVE-2021-30520 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2021-30521 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30521.html CVE-2021-30521 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30522 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30522.html CVE-2021-30522 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. CVE-2021-30523 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30523.html CVE-2021-30523 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30524 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30524.html CVE-2021-30524 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30525 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30525.html CVE-2021-30525 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. CVE-2021-30526 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30526.html CVE-2021-30526 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30527 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30527.html CVE-2021-30527 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30528 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30528.html CVE-2021-30528 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30529 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30529.html CVE-2021-30529 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2021-30530 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30530.html CVE-2021-30530 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2021-30531 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30531.html CVE-2021-30531 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2021-30532 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30532.html CVE-2021-30532 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. CVE-2021-30533 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30533.html CVE-2021-30533 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2021-30534 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30534.html CVE-2021-30534 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30535 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30535.html CVE-2021-30535 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. CVE-2021-30536 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30536.html CVE-2021-30536 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. CVE-2021-30537 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30537.html CVE-2021-30537 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2021-30538 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30538.html CVE-2021-30538 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2021-30539 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30539.html CVE-2021-30539 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2021-30540 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30540.html CVE-2021-30540 https://bugzilla.suse.com/1186458 SUSE Bug 1186458 Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30541 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30541.html CVE-2021-30541 https://bugzilla.suse.com/1188373 SUSE Bug 1188373 Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30544 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30544.html CVE-2021-30544 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30545 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30545.html CVE-2021-30545 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30546 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30546.html CVE-2021-30546 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-30547 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30547.html CVE-2021-30547 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 https://bugzilla.suse.com/1188275 SUSE Bug 1188275 Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30548 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30548.html CVE-2021-30548 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30549 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30549.html CVE-2021-30549 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30550 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30550.html CVE-2021-30550 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30551 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30551.html CVE-2021-30551 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30552 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30552.html CVE-2021-30552 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30553 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30553.html CVE-2021-30553 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30554.html CVE-2021-30554 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. CVE-2021-30555 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30555.html CVE-2021-30555 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30556 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30556.html CVE-2021-30556 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30557 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30557.html CVE-2021-30557 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30559 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30559.html CVE-2021-30559 https://bugzilla.suse.com/1188373 SUSE Bug 1188373 Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30560 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30560.html CVE-2021-30560 https://bugzilla.suse.com/1188373 SUSE Bug 1188373 https://bugzilla.suse.com/1208574 SUSE Bug 1208574 https://bugzilla.suse.com/1211500 SUSE Bug 1211500 https://bugzilla.suse.com/1211501 SUSE Bug 1211501 https://bugzilla.suse.com/1211544 SUSE Bug 1211544 Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30561 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30561.html CVE-2021-30561 https://bugzilla.suse.com/1188373 SUSE Bug 1188373 Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30562 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30562.html CVE-2021-30562 https://bugzilla.suse.com/1188373 SUSE Bug 1188373 Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30563 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30563.html CVE-2021-30563 https://bugzilla.suse.com/1188373 SUSE Bug 1188373 Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30564 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30564.html CVE-2021-30564 https://bugzilla.suse.com/1188373 SUSE Bug 1188373 Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. CVE-2021-30565 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30565.html CVE-2021-30565 Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page. CVE-2021-30566 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30566.html CVE-2021-30566 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. CVE-2021-30567 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30567.html CVE-2021-30567 Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30568 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30568.html CVE-2021-30568 Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30569 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30569.html CVE-2021-30569 Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-30571 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30571.html CVE-2021-30571 Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30572 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30572.html CVE-2021-30572 Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30573 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30573.html CVE-2021-30573 Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30574 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30574.html CVE-2021-30574 Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30575 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30575.html CVE-2021-30575 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30576 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30576.html CVE-2021-30576 Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. CVE-2021-30577 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30577.html CVE-2021-30577 Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2021-30578 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30578.html CVE-2021-30578 Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30579 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30579.html CVE-2021-30579 Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30581 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30581.html CVE-2021-30581 Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2021-30582 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30582.html CVE-2021-30582 Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2021-30584 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30584.html CVE-2021-30584 Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30585 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30585.html CVE-2021-30585 Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30588 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30588.html CVE-2021-30588 Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. CVE-2021-30589 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30589.html CVE-2021-30589 Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30590 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30590.html CVE-2021-30590 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30591 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30591.html CVE-2021-30591 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. CVE-2021-30592 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30592.html CVE-2021-30592 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. CVE-2021-30593 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30593.html CVE-2021-30593 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. CVE-2021-30594 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30594.html CVE-2021-30594 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2021-30596 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30596.html CVE-2021-30596 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. CVE-2021-30597 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30597.html CVE-2021-30597 https://bugzilla.suse.com/1189006 SUSE Bug 1189006 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2021-30598 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30598.html CVE-2021-30598 https://bugzilla.suse.com/1189490 SUSE Bug 1189490 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. CVE-2021-30599 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30599.html CVE-2021-30599 https://bugzilla.suse.com/1189490 SUSE Bug 1189490 Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30600 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30600.html CVE-2021-30600 https://bugzilla.suse.com/1189490 SUSE Bug 1189490 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30601 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30601.html CVE-2021-30601 https://bugzilla.suse.com/1189490 SUSE Bug 1189490 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30602 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30602.html CVE-2021-30602 https://bugzilla.suse.com/1189490 SUSE Bug 1189490 Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30603 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30603.html CVE-2021-30603 https://bugzilla.suse.com/1189490 SUSE Bug 1189490 Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30604 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30604.html CVE-2021-30604 https://bugzilla.suse.com/1189490 SUSE Bug 1189490 Chromium: CVE-2021-30606 Use after free in Blink CVE-2021-30606 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30606.html CVE-2021-30606 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30607 Use after free in Permissions CVE-2021-30607 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30607.html CVE-2021-30607 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30608 Use after free in Web Share CVE-2021-30608 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30608.html CVE-2021-30608 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30609 Use after free in Sign-In CVE-2021-30609 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30609.html CVE-2021-30609 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30610 Use after free in Extensions API CVE-2021-30610 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30610.html CVE-2021-30610 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30611 Use after free in WebRTC CVE-2021-30611 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30611.html CVE-2021-30611 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30612 Use after free in WebRTC CVE-2021-30612 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30612.html CVE-2021-30612 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30613 Use after free in Base internals CVE-2021-30613 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30613.html CVE-2021-30613 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip CVE-2021-30614 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30614.html CVE-2021-30614 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation CVE-2021-30615 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30615.html CVE-2021-30615 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30616 Use after free in Media CVE-2021-30616 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30616.html CVE-2021-30616 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30617 Policy bypass in Blink CVE-2021-30617 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30617.html CVE-2021-30617 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools CVE-2021-30618 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30618.html CVE-2021-30618 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30619 UI Spoofing in Autofill CVE-2021-30619 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30619.html CVE-2021-30619 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink CVE-2021-30620 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30620.html CVE-2021-30620 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30621 UI Spoofing in Autofill CVE-2021-30621 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30621.html CVE-2021-30621 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30622 Use after free in WebApp Installs CVE-2021-30622 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30622.html CVE-2021-30622 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30623 Use after free in Bookmarks CVE-2021-30623 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30623.html CVE-2021-30623 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Chromium: CVE-2021-30624 Use after free in Autofill CVE-2021-30624 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30624.html CVE-2021-30624 https://bugzilla.suse.com/1190096 SUSE Bug 1190096 Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30625 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30625.html CVE-2021-30625 https://bugzilla.suse.com/1190476 SUSE Bug 1190476 Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30626 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30626.html CVE-2021-30626 https://bugzilla.suse.com/1190476 SUSE Bug 1190476 Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30627 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30627.html CVE-2021-30627 https://bugzilla.suse.com/1190476 SUSE Bug 1190476 Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. CVE-2021-30628 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30628.html CVE-2021-30628 https://bugzilla.suse.com/1190476 SUSE Bug 1190476 Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30629 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30629.html CVE-2021-30629 https://bugzilla.suse.com/1190476 SUSE Bug 1190476 Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. CVE-2021-30630 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30630.html CVE-2021-30630 https://bugzilla.suse.com/1190476 SUSE Bug 1190476 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2021-30631 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30631.html CVE-2021-30631 https://bugzilla.suse.com/1190476 SUSE Bug 1190476 Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30632 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30632.html CVE-2021-30632 https://bugzilla.suse.com/1190476 SUSE Bug 1190476 Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-30633 openSUSE Tumbleweed:chromedriver-93.0.4577.82-1.1 openSUSE Tumbleweed:chromium-93.0.4577.82-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-30633.html CVE-2021-30633 https://bugzilla.suse.com/1190476 SUSE Bug 1190476