972834 – (CVE-2016-1646) VUL-0: CVE-2016-1646, CVE-2016-1647, CVE-2016-1648, CVE-2016-1649, CVE-2016-1650: chromium: multiple vulnerabilities fixed in 49.0.2623.108

Bug 972834 (CVE-2016-1646) - VUL-0: CVE-2016-1646, CVE-2016-1647, CVE-2016-1648, CVE-2016-1649, CVE-2016-1650: chromium: multiple vulnerabilities fixed in 49.0.2623.108

Summary: VUL-0: CVE-2016-1646, CVE-2016-1647, CVE-2016-1648, CVE-2016-1649, CVE-2016-1...

Status:	RESOLVED FIXED
Duplicates (1):	CVE-2016-3679 (view as bug list)

Alias:	CVE-2016-1646

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 42.1

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-03-28 13:30 UTC by Andreas Stieger
Modified:	2016-06-30 14:14 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2016-03-28 13:30:19 UTC

http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html

- CVE-2016-1646: Out-of-bounds read in V8
- CVE-2016-1647: Use-after-free in Navigation
- CVE-2016-1648: Use-after-free in Extensions
- CVE-2016-1649: Buffer overflow in libANGLE
- CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33)

Comment 1 Swamp Workflow Management 2016-03-28 20:41:16 UTC

bugbot adjusting priority

Comment 2 Forgotten User sM9JzehKpy 2016-03-31 04:03:17 UTC

*** Bug 973166 has been marked as a duplicate of this bug. ***

Comment 3 Andreas Stieger 2016-03-31 09:23:15 UTC

All submitted.

Comment 4 Andreas Stieger 2016-03-31 21:34:16 UTC

Releasing

Comment 5 Swamp Workflow Management 2016-04-01 01:07:40 UTC

openSUSE-SU-2016:0929-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 972834
CVE References: CVE-2016-1646,CVE-2016-1647,CVE-2016-1648,CVE-2016-1649,CVE-2016-1650,CVE-2016-3679
Sources used:
openSUSE Leap 42.1 (src):    chromium-49.0.2623.110-37.1
openSUSE 13.2 (src):    chromium-49.0.2623.110-90.1

Comment 6 Swamp Workflow Management 2016-04-01 01:07:53 UTC

openSUSE-SU-2016:0930-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 972834
CVE References: CVE-2016-1646,CVE-2016-1647,CVE-2016-1648,CVE-2016-1649,CVE-2016-1650,CVE-2016-3679
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-49.0.2623.110-64.1

Comment 7 Swamp Workflow Management 2016-04-16 11:07:43 UTC

openSUSE-SU-2016:1059-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 972834
CVE References: CVE-2016-1646,CVE-2016-1647,CVE-2016-1648,CVE-2016-1649,CVE-2016-1650,CVE-2016-3679
Sources used:
openSUSE 13.1 (src):    chromium-49.0.2623.110-141.2