CVE-2016-5148 (GCVE-0-2016-5148)
Vulnerability from cvelistv5 – Published: 2016-09-11 10:00 – Updated: 2024-08-06 00:53
Summary
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| https://googlechromereleases.blogspot.com/2016/08… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| http://www.securityfocus.com/bid/92717 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1036729 | vdb-entry, x_refsource_SECTRACK |
| https://codereview.chromium.org/2134113002 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisory, x_refsource_SUSE |
| https://crbug.com/621362 | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3660 | vendor-advisory, x_refsource_DEBIAN |
| https://security.gentoo.org/glsa/201610-09 | vendor-advisory, x_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
| http://rhn.redhat.com/errata/RHSA-2016-1854.html | vendor-advisory, x_refsource_REDHAT |
Date Public
2016-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:47.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:2250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "SUSE-SU-2016:2251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"
},
{
"name": "92717",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://codereview.chromium.org/2134113002"
},
{
"name": "openSUSE-SU-2016:2349",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/621362"
},
{
"name": "DSA-3660",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "openSUSE-SU-2016:2296",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"
},
{
"name": "RHSA-2016:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "openSUSE-SU-2016:2250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "SUSE-SU-2016:2251",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"
},
{
"name": "92717",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://codereview.chromium.org/2134113002"
},
{
"name": "openSUSE-SU-2016:2349",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/621362"
},
{
"name": "DSA-3660",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "openSUSE-SU-2016:2296",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"
},
{
"name": "RHSA-2016:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
},
{
"name": "SUSE-SU-2016:2251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"
},
{
"name": "92717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92717"
},
{
"name": "1036729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036729"
},
{
"name": "https://codereview.chromium.org/2134113002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2134113002"
},
{
"name": "openSUSE-SU-2016:2349",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
},
{
"name": "https://crbug.com/621362",
"refsource": "CONFIRM",
"url": "https://crbug.com/621362"
},
{
"name": "DSA-3660",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3660"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "openSUSE-SU-2016:2296",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"
},
{
"name": "RHSA-2016:1854",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-5148",
"datePublished": "2016-09-11T10:00:00.000Z",
"dateReserved": "2016-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:53:47.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-5148",
"date": "2026-05-27",
"epss": "0.00454",
"percentile": "0.63984"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-5148\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2016-09-11T10:59:02.613\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \\\"Universal XSS (UXSS).\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con actualizaciones de widget, vulnerabilidad tambi\u00e9n conocida como \\\"Universal XSS (UXSS)\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\
"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"52.0.2743.116\",\"matchCriteriaId\":\"2B9B1F3E-5ED5-490F-9AB5-B2065C2C99FF\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1854.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3660\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securityfocus.com/bid/92717\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://www.securitytracker.com/id/1036729\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://codereview.chromium.org/2134113002\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/621362\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/201610-09\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}
,{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1854.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3660\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/92717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://codereview.chromium.org/2134113002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/621362\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201610-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2016:2251-1
Vulnerability from csaf_suse - Published: 2016-09-01 12:42 - Updated: 2016-09-01 12:42
Summary
Security update for Chromium
Severity
Important
Notes
Title of the patch: Security update for Chromium
Description of the patch: Chromium was updated to 53.0.2785.89 to fix a number of security issues.
The following vulnerabilities were fixed: (boo#996648)
- CVE-2016-5147: Universal XSS in Blink.
- CVE-2016-5148: Universal XSS in Blink.
- CVE-2016-5149: Script injection in extensions.
- CVE-2016-5150: Use after free in Blink.
- CVE-2016-5151: Use after free in PDFium.
- CVE-2016-5152: Heap overflow in PDFium.
- CVE-2016-5153: Use after destruction in Blink.
- CVE-2016-5154: Heap overflow in PDFium.
- CVE-2016-5155: Address bar spoofing.
- CVE-2016-5156: Use after free in event bindings.
- CVE-2016-5157: Heap overflow in PDFium.
- CVE-2016-5158: Heap overflow in PDFium.
- CVE-2016-5159: Heap overflow in PDFium.
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass.
- CVE-2016-5163: Address bar spoofing.
- CVE-2016-5164: Universal XSS using DevTools.
- CVE-2016-5165: Script injection in DevTools.
- CVE-2016-5166: SMB Relay Attack via Save Page As.
- CVE-2016-5160: Extensions web accessible resources bypass.
A number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932)
Patchnames: 5568
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Scores shown for the 20 vulnerability entries, in page order: 6.1 (Medium), 6.1 (Medium), 8.8 (High), 8.8 (High), 8.8 (High), 8.8 (High), 8.8 (High), 8.8 (High), 6.5 (Medium), 8.8 (High), 8.8 (High), 8.8 (High), 8.8 (High), 6.5 (Medium), 8.8 (High), 6.5 (Medium), 4.3 (Medium), 6.1 (Medium), 6.1 (Medium); the last entry shows no score.
Each entry repeats the same affected products, remediation and impact:
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
68 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "Chromium was updated to 53.0.2785.89 to fix a number of security issues.\n\nThe following vulnerabilities were fixed: (boo#996648)\n\n- CVE-2016-5147: Universal XSS in Blink.\n- CVE-2016-5148: Universal XSS in Blink.\n- CVE-2016-5149: Script injection in extensions.\n- CVE-2016-5150: Use after free in Blink.\n- CVE-2016-5151: Use after free in PDFium.\n- CVE-2016-5152: Heap overflow in PDFium.\n- CVE-2016-5153: Use after destruction in Blink.\n- CVE-2016-5154: Heap overflow in PDFium.\n- CVE-2016-5155: Address bar spoofing.\n- CVE-2016-5156: Use after free in event bindings.\n- CVE-2016-5157: Heap overflow in PDFium.\n- CVE-2016-5158: Heap overflow in PDFium.\n- CVE-2016-5159: Heap overflow in PDFium.\n- CVE-2016-5161: Type confusion in Blink.\n- CVE-2016-5162: Extensions web accessible resources bypass.\n- CVE-2016-5163: Address bar spoofing.\n- CVE-2016-5164: Universal XSS using DevTools.\n- CVE-2016-5165: Script injection in DevTools.\n- CVE-2016-5166: SMB Relay Attack via Save Page As.\n- CVE-2016-5160: Extensions web accessible resources bypass.\n\nA number of tracked build system fixes are included. (boo#996032, boo#99606, boo#995932)",
"title": "Description of the patch"
},
{
"category": "details",
"text": "5568",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2251-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2251-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162251-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2251-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-September/002259.html"
},
{
"category": "self",
"summary": "SUSE Bug 995932",
"url": "https://bugzilla.suse.com/995932"
},
{
"category": "self",
"summary": "SUSE Bug 996032",
"url": "https://bugzilla.suse.com/996032"
},
{
"category": "self",
"summary": "SUSE Bug 99606",
"url": "https://bugzilla.suse.com/99606"
},
{
"category": "self",
"summary": "SUSE Bug 996648",
"url": "https://bugzilla.suse.com/996648"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5147 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5148 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5149 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5149/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5150 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5151 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5152 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5153 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5154 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5155 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5156 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5157 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5158 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5159 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5160 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5161 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5161/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5162 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5163 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5164 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5165 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5166 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5166/"
}
],
"title": "Security update for Chromium",
"tracking": {
"current_release_date": "2016-09-01T12:42:13Z",
"generator": {
"date": "2016-09-01T12:42:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2251-1",
"initial_release_date": "2016-09-01T12:42:13Z",
"revision_history": [
{
"date": "2016-09-01T12:42:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromedriver-53.0.2785.89-96.1.x86_64",
"product_id": "chromedriver-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64",
"product": {
"name": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64",
"product_id": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12",
"product": {
"name": "SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromedriver-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64 as component of SUSE Package Hub 12",
"product_id": "SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
},
"product_reference": "chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5147"
}
],
"notes": [
{
"category": "general",
"text": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5147",
"url": "https://www.suse.com/security/cve/CVE-2016-5147"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5147",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5147"
},
{
"cve": "CVE-2016-5148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5148"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka \"Universal XSS (UXSS).\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5148",
"url": "https://www.suse.com/security/cve/CVE-2016-5148"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5148",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5148"
},
{
"cve": "CVE-2016-5149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5149"
}
],
"notes": [
{
"category": "general",
"text": "The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5149",
"url": "https://www.suse.com/security/cve/CVE-2016-5149"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5149",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5149"
},
{
"cve": "CVE-2016-5150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5150"
}
],
"notes": [
{
"category": "general",
"text": "WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5150",
"url": "https://www.suse.com/security/cve/CVE-2016-5150"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5150",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5150"
},
{
"cve": "CVE-2016-5151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5151"
}
],
"notes": [
{
"category": "general",
"text": "PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5151",
"url": "https://www.suse.com/security/cve/CVE-2016-5151"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5151",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5151"
},
{
"cve": "CVE-2016-5152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5152"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5152",
"url": "https://www.suse.com/security/cve/CVE-2016-5152"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5152",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5152"
},
{
"cve": "CVE-2016-5153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5153"
}
],
"notes": [
{
"category": "general",
"text": "The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5153",
"url": "https://www.suse.com/security/cve/CVE-2016-5153"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5153",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5153"
},
{
"cve": "CVE-2016-5154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5154"
}
],
"notes": [
{
"category": "general",
"text": "Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5154",
"url": "https://www.suse.com/security/cve/CVE-2016-5154"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5154",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5154"
},
{
"cve": "CVE-2016-5155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5155"
}
],
"notes": [
{
"category": "general",
"text": "Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5155",
"url": "https://www.suse.com/security/cve/CVE-2016-5155"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5155",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5155"
},
{
"cve": "CVE-2016-5156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5156"
}
],
"notes": [
{
"category": "general",
"text": "extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5156",
"url": "https://www.suse.com/security/cve/CVE-2016-5156"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5156",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5156"
},
{
"cve": "CVE-2016-5157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5157"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5157",
"url": "https://www.suse.com/security/cve/CVE-2016-5157"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5157",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5157"
},
{
"cve": "CVE-2016-5158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5158"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5158",
"url": "https://www.suse.com/security/cve/CVE-2016-5158"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5158",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5158"
},
{
"cve": "CVE-2016-5159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5159"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5159",
"url": "https://www.suse.com/security/cve/CVE-2016-5159"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5159",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5159"
},
{
"cve": "CVE-2016-5160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5160"
}
],
"notes": [
{
"category": "general",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5160",
"url": "https://www.suse.com/security/cve/CVE-2016-5160"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5160",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5160"
},
{
"cve": "CVE-2016-5161",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5161"
}
],
"notes": [
{
"category": "general",
"text": "The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages \"type confusion\" in the StylePropertySerializer class.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5161",
"url": "https://www.suse.com/security/cve/CVE-2016-5161"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5161",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5161"
},
{
"cve": "CVE-2016-5162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5162"
}
],
"notes": [
{
"category": "general",
"text": "The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension\u0027s manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5162",
"url": "https://www.suse.com/security/cve/CVE-2016-5162"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5162",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5162"
},
{
"cve": "CVE-2016-5163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5163"
}
],
"notes": [
{
"category": "general",
"text": "The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5163",
"url": "https://www.suse.com/security/cve/CVE-2016-5163"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5163",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5163"
},
{
"cve": "CVE-2016-5164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5164"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka \"Universal XSS (UXSS).\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5164",
"url": "https://www.suse.com/security/cve/CVE-2016-5164"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5164",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5164"
},
{
"cve": "CVE-2016-5165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5165"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL\u0027s query string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5165",
"url": "https://www.suse.com/security/cve/CVE-2016-5165"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5165",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5165"
},
{
"cve": "CVE-2016-5166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5166"
}
],
"notes": [
{
"category": "general",
"text": "The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the \"Save page as\" menu choice.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5166",
"url": "https://www.suse.com/security/cve/CVE-2016-5166"
},
{
"category": "external",
"summary": "SUSE Bug 996648 for CVE-2016-5166",
"url": "https://bugzilla.suse.com/996648"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12:chromedriver-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-gnome-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-desktop-kde-53.0.2785.89-96.1.x86_64",
"SUSE Package Hub 12:chromium-ffmpegsumo-53.0.2785.89-96.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-09-01T12:42:13Z",
"details": "important"
}
],
"title": "CVE-2016-5166"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.