Bug 975572 (CVE-2016-1651) - VUL-0: chromium: Chrome 50.0.2661.75 contains a number of fixes and improvements
Summary: VUL-0: chromium: Chrome 50.0.2661.75 contains a number of fixes and improvements
Status: RESOLVED FIXED
Alias: CVE-2016-1651
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 42.1
Priority: P3 - Medium, Severity: Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
 
Reported: 2016-04-14 12:07 UTC by Johannes Segitz
Modified: 2016-04-24 10:07 UTC

Found By: Security Response Team


Description Johannes Segitz 2016-04-14 12:07:59 UTC
20 security issues were fixed in the new release. Details are available at
http://googlechromereleases.blogspot.de/2016/04/stable-channel-update_13.html

Listed on there:
CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous.
CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han.
CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative.
CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu.
CVE-2016-1656: Android downloaded file path restriction bypass. Credit to Dzmitry Lukyanenko.
CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera.
CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.
CVE-2016-1659: Various fixes from internal audits, fuzzing and other initiatives.

The link for the complete list of security issues doesn't work currently.
Comment 1 Swamp Workflow Management 2016-04-14 22:01:12 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2016-04-15 11:50:14 UTC
Build fix is in https://build.opensuse.org/request/show/390181
Comment 3 Andreas Stieger 2016-04-16 11:44:48 UTC
all submitted and update running
Comment 4 Swamp Workflow Management 2016-04-17 11:08:03 UTC
SUSE-SU-2016:1060-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 975572
CVE References: CVE-2016-1651,CVE-2016-1652,CVE-2016-1653,CVE-2016-1654,CVE-2016-1655,CVE-2016-1656,CVE-2016-1657,CVE-2016-1658,CVE-2016-1659
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    chromium-50.0.2661.75-68.1
Comment 5 Swamp Workflow Management 2016-04-17 11:08:22 UTC
openSUSE-SU-2016:1061-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 975572
CVE References: CVE-2016-1651,CVE-2016-1652,CVE-2016-1653,CVE-2016-1654,CVE-2016-1655,CVE-2016-1656,CVE-2016-1657,CVE-2016-1658,CVE-2016-1659
Sources used:
openSUSE Leap 42.1 (src):    chromium-50.0.2661.75-41.1
Comment 6 Andreas Stieger 2016-04-23 20:12:35 UTC
release
Comment 7 Swamp Workflow Management 2016-04-24 00:07:50 UTC
openSUSE-SU-2016:1135-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 975572
CVE References: CVE-2016-1651,CVE-2016-1652,CVE-2016-1653,CVE-2016-1654,CVE-2016-1655,CVE-2016-1656,CVE-2016-1657,CVE-2016-1658,CVE-2016-1659
Sources used:
openSUSE 13.2 (src):    chromium-50.0.2661.75-94.3
Comment 8 Swamp Workflow Management 2016-04-24 10:07:43 UTC
openSUSE-SU-2016:1136-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 975572
CVE References: CVE-2016-1651,CVE-2016-1652,CVE-2016-1653,CVE-2016-1654,CVE-2016-1655,CVE-2016-1656,CVE-2016-1657,CVE-2016-1658,CVE-2016-1659
Sources used:
openSUSE 13.1 (src):    chromium-50.0.2661.75-144.1