Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-13666 (GCVE-0-2019-13666)
Vulnerability from cvelistv5 – Published: 2019-11-25 14:22 – Updated: 2024-08-04 23:57
VLAI?
EPSS
Summary
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Side-channel information leakage
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://chromereleases.googleblog.com/2019/09/sta… | x_refsource_MISC |
| https://crbug.com/960305 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/960305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "77.0.3865.75",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Side-channel information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T14:22:53.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/960305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-13666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "77.0.3865.75"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Side-channel information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/960305",
"refsource": "MISC",
"url": "https://crbug.com/960305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-13666",
"datePublished": "2019-11-25T14:22:53.000Z",
"dateReserved": "2019-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:57:39.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-13666",
"date": "2026-05-19",
"epss": "0.00336",
"percentile": "0.56475"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"77.0.3865.75\", \"matchCriteriaId\": \"35E0B140-F006-4C6D-86AB-D822C9827E15\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\"}, {\"lang\": \"es\", \"value\": \"Una fuga de informaci\\u00f3n en storage en Google Chrome versiones anteriores a 77.0.3865.75, permiti\\u00f3 a un atacante remoto filtrar datos de origen cruzado por medio de una p\\u00e1gina HTML dise\\u00f1ada.\"}]",
"id": "CVE-2019-13666",
"lastModified": "2024-11-21T04:25:28.320",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-11-25T15:15:30.307",
"references": "[{\"url\": \"https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://crbug.com/960305\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://crbug.com/960305\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-13666\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2019-11-25T15:15:30.307\",\"lastModified\":\"2024-11-21T04:25:28.320\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Una fuga de informaci\u00f3n en storage en Google Chrome versiones anteriores a 77.0.3865.75, permiti\u00f3 a un atacante remoto filtrar datos de origen cruzado por medio de una p\u00e1gina HTML dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"77.0.3865.75\",\"matchCriteriaId\":\"35E0B140-F006-4C6D-86AB-D822C9827E15\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://crbug.com/960305\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://crbug.com/960305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2019-AVI-432
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 77.0.3865.75",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5871"
},
{
"name": "CVE-2019-13670",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13670"
},
{
"name": "CVE-2019-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5870"
},
{
"name": "CVE-2019-13673",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13673"
},
{
"name": "CVE-2019-13668",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13668"
},
{
"name": "CVE-2019-5880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5880"
},
{
"name": "CVE-2019-13683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13683"
},
{
"name": "CVE-2019-13676",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13676"
},
{
"name": "CVE-2019-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5872"
},
{
"name": "CVE-2019-13677",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13677"
},
{
"name": "CVE-2019-13671",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13671"
},
{
"name": "CVE-2019-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5877"
},
{
"name": "CVE-2019-13660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13660"
},
{
"name": "CVE-2019-13679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13679"
},
{
"name": "CVE-2019-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5879"
},
{
"name": "CVE-2019-13674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13674"
},
{
"name": "CVE-2019-13664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13664"
},
{
"name": "CVE-2019-5875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5875"
},
{
"name": "CVE-2019-13667",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13667"
},
{
"name": "CVE-2019-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5876"
},
{
"name": "CVE-2019-13675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13675"
},
{
"name": "CVE-2019-13663",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13663"
},
{
"name": "CVE-2019-5874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5874"
},
{
"name": "CVE-2019-5873",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5873"
},
{
"name": "CVE-2019-13682",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13682"
},
{
"name": "CVE-2019-13665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13665"
},
{
"name": "CVE-2019-13662",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13662"
},
{
"name": "CVE-2019-13680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13680"
},
{
"name": "CVE-2019-13678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13678"
},
{
"name": "CVE-2019-13661",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13661"
},
{
"name": "CVE-2019-13666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13666"
},
{
"name": "CVE-2019-13659",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13659"
},
{
"name": "CVE-2019-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5881"
},
{
"name": "CVE-2019-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5878"
},
{
"name": "CVE-2019-13669",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13669"
},
{
"name": "CVE-2019-13681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13681"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-432",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 10 septembre 2019",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
]
}
CERTFR-2019-AVI-432
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 77.0.3865.75",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5871"
},
{
"name": "CVE-2019-13670",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13670"
},
{
"name": "CVE-2019-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5870"
},
{
"name": "CVE-2019-13673",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13673"
},
{
"name": "CVE-2019-13668",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13668"
},
{
"name": "CVE-2019-5880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5880"
},
{
"name": "CVE-2019-13683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13683"
},
{
"name": "CVE-2019-13676",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13676"
},
{
"name": "CVE-2019-5872",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5872"
},
{
"name": "CVE-2019-13677",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13677"
},
{
"name": "CVE-2019-13671",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13671"
},
{
"name": "CVE-2019-5877",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5877"
},
{
"name": "CVE-2019-13660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13660"
},
{
"name": "CVE-2019-13679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13679"
},
{
"name": "CVE-2019-5879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5879"
},
{
"name": "CVE-2019-13674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13674"
},
{
"name": "CVE-2019-13664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13664"
},
{
"name": "CVE-2019-5875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5875"
},
{
"name": "CVE-2019-13667",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13667"
},
{
"name": "CVE-2019-5876",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5876"
},
{
"name": "CVE-2019-13675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13675"
},
{
"name": "CVE-2019-13663",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13663"
},
{
"name": "CVE-2019-5874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5874"
},
{
"name": "CVE-2019-5873",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5873"
},
{
"name": "CVE-2019-13682",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13682"
},
{
"name": "CVE-2019-13665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13665"
},
{
"name": "CVE-2019-13662",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13662"
},
{
"name": "CVE-2019-13680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13680"
},
{
"name": "CVE-2019-13678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13678"
},
{
"name": "CVE-2019-13661",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13661"
},
{
"name": "CVE-2019-13666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13666"
},
{
"name": "CVE-2019-13659",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13659"
},
{
"name": "CVE-2019-5881",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5881"
},
{
"name": "CVE-2019-5878",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5878"
},
{
"name": "CVE-2019-13669",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13669"
},
{
"name": "CVE-2019-13681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13681"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-432",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 10 septembre 2019",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
}
]
}
BDU:2020-01625
Vulnerability from fstec - Published: 25.11.2019
VLAI Severity ?
Title
Уязвимость браузера Google Chrome, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к информации
Description
Уязвимость браузера Google Chrome связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к информации при помощи специально созданной HTML-страницы
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Red Hat Inc., Novell Inc., Google Inc, АО «ИВК», АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, Альт 8 СП (запись в едином реестре российских программ №4305), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), Desktop 6.0 (Red Hat Enterprise Linux), Server 6.0 (Red Hat Enterprise Linux), Workstation 6.0 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 12 SP3 (SUSE Package Hub for SUSE Linux Enterprise), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), до 77.0.3865.75 (Google Chrome), - (Альт 8 СП), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для chromium:
Обновление программного обеспечения до 78.0.3904.97-1~deb10u1 или более поздней версии
Для Debian:
Обновление программного обеспечения (пакета chromium) до 78.0.3904.97-1~deb10u1 или более поздней версии
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2019-13666/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2019-13666
Для ОС ОН «Стрелец»:
Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС Astra Linux 1.6 «Смоленск»:
обновить пакет chromium до 80.0.3987.87-1astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16
Reference
https://www.suse.com/security/cve/CVE-2019-13666/
https://access.redhat.com/security/cve/cve-2019-13666
https://nvd.nist.gov/vuln/detail/CVE-2019-13666
https://security-tracker.debian.org/tracker/CVE-2019-13666
https://crbug.com/960305
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
CWE
CWE-200
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Novell Inc., Google Inc, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), Desktop 6.0 (Red Hat Enterprise Linux), Server 6.0 (Red Hat Enterprise Linux), Workstation 6.0 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 12 SP3 (SUSE Package Hub for SUSE Linux Enterprise), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u0434\u043e 77.0.3865.75 (Google Chrome), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f chromium:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 78.0.3904.97-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 chromium) \u0434\u043e 78.0.3904.97-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2019-13666/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2019-13666\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 80.0.3987.87-1astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20200327SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.11.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.04.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01625",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-13666",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux Desktop 6.0 , Red Hat Inc. Red Hat Enterprise Linux Server 6.0 , Red Hat Inc. Red Hat Enterprise Linux Workstation 6.0 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/security/cve/CVE-2019-13666/\nhttps://access.redhat.com/security/cve/cve-2019-13666\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13666\nhttps://security-tracker.debian.org/tracker/CVE-2019-13666\nhttps://crbug.com/960305\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}
FKIE_CVE-2019-13666
Vulnerability from fkie_nvd - Published: 2019-11-25 15:15 - Updated: 2024-11-21 04:25
Severity ?
Summary
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E0B140-F006-4C6D-86AB-D822C9827E15",
"versionEndExcluding": "77.0.3865.75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
},
{
"lang": "es",
"value": "Una fuga de informaci\u00f3n en storage en Google Chrome versiones anteriores a 77.0.3865.75, permiti\u00f3 a un atacante remoto filtrar datos de origen cruzado por medio de una p\u00e1gina HTML dise\u00f1ada."
}
],
"id": "CVE-2019-13666",
"lastModified": "2024-11-21T04:25:28.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-25T15:15:30.307",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/960305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/960305"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-6VXC-97R3-3QMP
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01
VLAI?
Details
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2019-13666"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-25T15:15:00Z",
"severity": "MODERATE"
},
"details": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"id": "GHSA-6vxc-97r3-3qmp",
"modified": "2022-05-24T17:01:52Z",
"published": "2022-05-24T17:01:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13666"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/960305"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2019-13666
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-13666",
"description": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"id": "GSD-2019-13666",
"references": [
"https://www.suse.com/security/cve/CVE-2019-13666.html",
"https://www.debian.org/security/2019/dsa-4562",
"https://access.redhat.com/errata/RHSA-2019:3211",
"https://advisories.mageia.org/CVE-2019-13666.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-13666"
],
"details": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"id": "GSD-2019-13666",
"modified": "2023-12-13T01:23:41.732568Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-13666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "77.0.3865.75"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Side-channel information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/960305",
"refsource": "MISC",
"url": "https://crbug.com/960305"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "77.0.3865.75",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-13666"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/960305",
"refsource": "MISC",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://crbug.com/960305"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
},
"lastModifiedDate": "2021-07-21T11:39Z",
"publishedDate": "2019-11-25T15:15Z"
}
}
}
OPENSUSE-SU-2019:2152-1
Vulnerability from csaf_opensuse - Published: 2019-09-19 05:36 - Updated: 2019-09-19 05:36Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium to 77.0.3865.75 fixes the following issues:
Security issues fixed:
- CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)
- CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)
- CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)
- CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425)
- CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)
- CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)
- CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)
- CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)
- CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425)
- CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)
- CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)
- CVE-2019-13659: Fixed an URL spoof. (boo#1150425)
- CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)
- CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)
- CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)
- CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)
- CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)
- CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425)
- CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425)
- CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425)
- CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)
- CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)
- CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)
- CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425)
- CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425)
- CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)
- CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425)
- CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425)
- CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425)
- CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425)
- CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425)
- CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)
- CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)
- CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)
- CVE-2019-13683: Fixed an exceptions leaked by devtools. (boo#1150425)
Patchnames: openSUSE-2019-2152
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
110 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium to 77.0.3865.75 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)\n- CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)\n- CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)\n- CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425)\n- CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)\n- CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)\n- CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)\n- CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)\n- CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425)\n- CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)\n- CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)\n- CVE-2019-13659: Fixed an URL spoof. (boo#1150425)\n- CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)\n- CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)\n- CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)\n- CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)\n- CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)\n- CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425)\n- CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425)\n- CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425)\n- CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)\n- CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)\n- CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)\n- CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425)\n- CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425)\n- CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)\n- CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425)\n- CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425)\n- CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425)\n- CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425)\n- CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425)\n- CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)\n- CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)\n- CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)\n- CVE-2019-13683: Fixed an exceptions leaked by devtools. (boo#1150425)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2152",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2152-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2152-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2152-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE/#QOIVNYQVIG4LWU73BUUBPZ5CTBNPELAE"
},
{
"category": "self",
"summary": "SUSE Bug 1150425",
"url": "https://bugzilla.suse.com/1150425"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13659 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13660 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13661 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13662 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13663 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13664 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13665 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13666 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13667 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13668 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13669 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13670 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13671 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13673 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13674 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13675 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13676 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13677 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13678 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13679 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13680 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13681 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13682 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13683 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5870 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5871 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5872 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5874 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5875 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5876 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5877 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5878 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5879 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5880 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5881 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5881/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2019-09-19T05:36:39Z",
"generator": {
"date": "2019-09-19T05:36:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2152-1",
"initial_release_date": "2019-09-19T05:36:39Z",
"revision_history": [
{
"date": "2019-09-19T05:36:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"product": {
"name": "chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"product_id": "chromedriver-77.0.3865.75-lp151.2.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-77.0.3865.75-lp151.2.30.1.x86_64",
"product": {
"name": "chromium-77.0.3865.75-lp151.2.30.1.x86_64",
"product_id": "chromium-77.0.3865.75-lp151.2.30.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-77.0.3865.75-lp151.2.30.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64"
},
"product_reference": "chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-77.0.3865.75-lp151.2.30.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
},
"product_reference": "chromium-77.0.3865.75-lp151.2.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13659"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13659",
"url": "https://www.suse.com/security/cve/CVE-2019-13659"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13659",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13659"
},
{
"cve": "CVE-2019-13660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13660"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13660",
"url": "https://www.suse.com/security/cve/CVE-2019-13660"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13660",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13660"
},
{
"cve": "CVE-2019-13661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13661"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13661",
"url": "https://www.suse.com/security/cve/CVE-2019-13661"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13661",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13661"
},
{
"cve": "CVE-2019-13662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13662"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13662",
"url": "https://www.suse.com/security/cve/CVE-2019-13662"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13662",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13662"
},
{
"cve": "CVE-2019-13663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13663"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13663",
"url": "https://www.suse.com/security/cve/CVE-2019-13663"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13663",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13663"
},
{
"cve": "CVE-2019-13664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13664"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13664",
"url": "https://www.suse.com/security/cve/CVE-2019-13664"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13664",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13664"
},
{
"cve": "CVE-2019-13665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13665"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13665",
"url": "https://www.suse.com/security/cve/CVE-2019-13665"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13665",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13665"
},
{
"cve": "CVE-2019-13666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13666"
}
],
"notes": [
{
"category": "general",
"text": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13666",
"url": "https://www.suse.com/security/cve/CVE-2019-13666"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13666",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-13666"
},
{
"cve": "CVE-2019-13667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13667"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13667",
"url": "https://www.suse.com/security/cve/CVE-2019-13667"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13667",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13667"
},
{
"cve": "CVE-2019-13668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13668"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13668",
"url": "https://www.suse.com/security/cve/CVE-2019-13668"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13668",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-13668"
},
{
"cve": "CVE-2019-13669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13669"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13669",
"url": "https://www.suse.com/security/cve/CVE-2019-13669"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13669",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13669"
},
{
"cve": "CVE-2019-13670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13670"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13670",
"url": "https://www.suse.com/security/cve/CVE-2019-13670"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13670",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13670"
},
{
"cve": "CVE-2019-13671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13671"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13671",
"url": "https://www.suse.com/security/cve/CVE-2019-13671"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13671",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13671"
},
{
"cve": "CVE-2019-13673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13673"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13673",
"url": "https://www.suse.com/security/cve/CVE-2019-13673"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13673",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-13673"
},
{
"cve": "CVE-2019-13674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13674"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13674",
"url": "https://www.suse.com/security/cve/CVE-2019-13674"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13674",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13674"
},
{
"cve": "CVE-2019-13675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13675"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13675",
"url": "https://www.suse.com/security/cve/CVE-2019-13675"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13675",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13675"
},
{
"cve": "CVE-2019-13676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13676"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13676",
"url": "https://www.suse.com/security/cve/CVE-2019-13676"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13676",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13676"
},
{
"cve": "CVE-2019-13677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13677"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13677",
"url": "https://www.suse.com/security/cve/CVE-2019-13677"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13677",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13677"
},
{
"cve": "CVE-2019-13678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13678"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13678",
"url": "https://www.suse.com/security/cve/CVE-2019-13678"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13678",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13678"
},
{
"cve": "CVE-2019-13679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13679"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13679",
"url": "https://www.suse.com/security/cve/CVE-2019-13679"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13679",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13679"
},
{
"cve": "CVE-2019-13680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13680"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13680",
"url": "https://www.suse.com/security/cve/CVE-2019-13680"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13680",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13680"
},
{
"cve": "CVE-2019-13681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13681"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13681",
"url": "https://www.suse.com/security/cve/CVE-2019-13681"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13681",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13681"
},
{
"cve": "CVE-2019-13682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13682"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13682",
"url": "https://www.suse.com/security/cve/CVE-2019-13682"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13682",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-13682"
},
{
"cve": "CVE-2019-13683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13683"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13683",
"url": "https://www.suse.com/security/cve/CVE-2019-13683"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13683",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-13683"
},
{
"cve": "CVE-2019-5870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5870"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5870",
"url": "https://www.suse.com/security/cve/CVE-2019-5870"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5870",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "critical"
}
],
"title": "CVE-2019-5870"
},
{
"cve": "CVE-2019-5871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5871"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5871",
"url": "https://www.suse.com/security/cve/CVE-2019-5871"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5871",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-5871"
},
{
"cve": "CVE-2019-5872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5872"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5872",
"url": "https://www.suse.com/security/cve/CVE-2019-5872"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5872",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-5872"
},
{
"cve": "CVE-2019-5874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5874"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5874",
"url": "https://www.suse.com/security/cve/CVE-2019-5874"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5874",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-5874"
},
{
"cve": "CVE-2019-5875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5875"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5875",
"url": "https://www.suse.com/security/cve/CVE-2019-5875"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5875",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-5875"
},
{
"cve": "CVE-2019-5876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5876"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5876",
"url": "https://www.suse.com/security/cve/CVE-2019-5876"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5876",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-5876"
},
{
"cve": "CVE-2019-5877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5877"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5877",
"url": "https://www.suse.com/security/cve/CVE-2019-5877"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5877",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-5877"
},
{
"cve": "CVE-2019-5878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5878"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5878",
"url": "https://www.suse.com/security/cve/CVE-2019-5878"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5878",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-5878"
},
{
"cve": "CVE-2019-5879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5879"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5879",
"url": "https://www.suse.com/security/cve/CVE-2019-5879"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5879",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-5879"
},
{
"cve": "CVE-2019-5880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5880"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5880",
"url": "https://www.suse.com/security/cve/CVE-2019-5880"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5880",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-5880"
},
{
"cve": "CVE-2019-5881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5881"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5881",
"url": "https://www.suse.com/security/cve/CVE-2019-5881"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5881",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:chromedriver-77.0.3865.75-lp151.2.30.1.x86_64",
"openSUSE Leap 15.1:chromium-77.0.3865.75-lp151.2.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:36:39Z",
"details": "important"
}
],
"title": "CVE-2019-5881"
}
]
}
OPENSUSE-SU-2019:2153-1
Vulnerability from csaf_opensuse - Published: 2019-09-19 05:37 - Updated: 2019-09-19 05:37Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Security issues fixed:
- CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)
- CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)
- CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)
- CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425)
- CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)
- CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)
- CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)
- CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)
- CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425)
- CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)
- CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)
- CVE-2019-13659: Fixed an URL spoof. (boo#1150425)
- CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)
- CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)
- CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)
- CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)
- CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)
- CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425)
- CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425)
- CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425)
- CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)
- CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)
- CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)
- CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425)
- CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425)
- CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)
- CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425)
- CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425)
- CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425)
- CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425)
- CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425)
- CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)
- CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)
- CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)
- CVE-2019-13683: Fixed an exception leaked by devtools. (boo#1150425)
Patchnames: openSUSE-2019-2153
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
110 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)\n- CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)\n- CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)\n- CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425)\n- CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)\n- CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)\n- CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)\n- CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)\n- CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425)\n- CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)\n- CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)\n- CVE-2019-13659: Fixed an URL spoof. (boo#1150425)\n- CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)\n- CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)\n- CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)\n- CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)\n- CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)\n- CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425)\n- CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425)\n- CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425)\n- CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)\n- CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)\n- CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)\n- CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425)\n- CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425)\n- CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)\n- CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425)\n- CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425)\n- CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425)\n- CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425)\n- CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425)\n- CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)\n- CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)\n- CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)\n- CVE-2019-13683: Fixed an exception leaked by devtools. (boo#1150425)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2153",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2153-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2153-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HU3VLMWFXMPMAPBQ3HHUEUBOVURJCKOJ/#HU3VLMWFXMPMAPBQ3HHUEUBOVURJCKOJ"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2153-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HU3VLMWFXMPMAPBQ3HHUEUBOVURJCKOJ/#HU3VLMWFXMPMAPBQ3HHUEUBOVURJCKOJ"
},
{
"category": "self",
"summary": "SUSE Bug 1150425",
"url": "https://bugzilla.suse.com/1150425"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13659 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13660 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13661 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13662 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13663 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13664 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13665 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13666 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13667 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13668 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13669 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13670 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13671 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13673 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13674 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13675 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13676 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13677 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13678 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13679 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13680 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13681 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13682 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13683 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5870 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5871 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5872 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5874 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5875 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5876 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5877 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5878 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5879 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5880 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5881 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5881/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2019-09-19T05:37:19Z",
"generator": {
"date": "2019-09-19T05:37:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2153-1",
"initial_release_date": "2019-09-19T05:37:19Z",
"revision_history": [
{
"date": "2019-09-19T05:37:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"product": {
"name": "chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"product_id": "chromedriver-77.0.3865.75-lp150.239.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-77.0.3865.75-lp150.239.1.x86_64",
"product": {
"name": "chromium-77.0.3865.75-lp150.239.1.x86_64",
"product_id": "chromium-77.0.3865.75-lp150.239.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-77.0.3865.75-lp150.239.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64"
},
"product_reference": "chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-77.0.3865.75-lp150.239.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
},
"product_reference": "chromium-77.0.3865.75-lp150.239.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13659"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13659",
"url": "https://www.suse.com/security/cve/CVE-2019-13659"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13659",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13659"
},
{
"cve": "CVE-2019-13660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13660"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13660",
"url": "https://www.suse.com/security/cve/CVE-2019-13660"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13660",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13660"
},
{
"cve": "CVE-2019-13661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13661"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13661",
"url": "https://www.suse.com/security/cve/CVE-2019-13661"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13661",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13661"
},
{
"cve": "CVE-2019-13662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13662"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13662",
"url": "https://www.suse.com/security/cve/CVE-2019-13662"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13662",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13662"
},
{
"cve": "CVE-2019-13663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13663"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13663",
"url": "https://www.suse.com/security/cve/CVE-2019-13663"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13663",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13663"
},
{
"cve": "CVE-2019-13664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13664"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13664",
"url": "https://www.suse.com/security/cve/CVE-2019-13664"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13664",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13664"
},
{
"cve": "CVE-2019-13665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13665"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13665",
"url": "https://www.suse.com/security/cve/CVE-2019-13665"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13665",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13665"
},
{
"cve": "CVE-2019-13666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13666"
}
],
"notes": [
{
"category": "general",
"text": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13666",
"url": "https://www.suse.com/security/cve/CVE-2019-13666"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13666",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-13666"
},
{
"cve": "CVE-2019-13667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13667"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13667",
"url": "https://www.suse.com/security/cve/CVE-2019-13667"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13667",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13667"
},
{
"cve": "CVE-2019-13668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13668"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13668",
"url": "https://www.suse.com/security/cve/CVE-2019-13668"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13668",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-13668"
},
{
"cve": "CVE-2019-13669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13669"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13669",
"url": "https://www.suse.com/security/cve/CVE-2019-13669"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13669",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13669"
},
{
"cve": "CVE-2019-13670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13670"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13670",
"url": "https://www.suse.com/security/cve/CVE-2019-13670"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13670",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13670"
},
{
"cve": "CVE-2019-13671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13671"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13671",
"url": "https://www.suse.com/security/cve/CVE-2019-13671"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13671",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13671"
},
{
"cve": "CVE-2019-13673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13673"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13673",
"url": "https://www.suse.com/security/cve/CVE-2019-13673"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13673",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-13673"
},
{
"cve": "CVE-2019-13674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13674"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13674",
"url": "https://www.suse.com/security/cve/CVE-2019-13674"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13674",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13674"
},
{
"cve": "CVE-2019-13675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13675"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13675",
"url": "https://www.suse.com/security/cve/CVE-2019-13675"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13675",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13675"
},
{
"cve": "CVE-2019-13676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13676"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13676",
"url": "https://www.suse.com/security/cve/CVE-2019-13676"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13676",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13676"
},
{
"cve": "CVE-2019-13677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13677"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13677",
"url": "https://www.suse.com/security/cve/CVE-2019-13677"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13677",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13677"
},
{
"cve": "CVE-2019-13678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13678"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13678",
"url": "https://www.suse.com/security/cve/CVE-2019-13678"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13678",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13678"
},
{
"cve": "CVE-2019-13679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13679"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13679",
"url": "https://www.suse.com/security/cve/CVE-2019-13679"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13679",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13679"
},
{
"cve": "CVE-2019-13680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13680"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13680",
"url": "https://www.suse.com/security/cve/CVE-2019-13680"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13680",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13680"
},
{
"cve": "CVE-2019-13681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13681"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13681",
"url": "https://www.suse.com/security/cve/CVE-2019-13681"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13681",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13681"
},
{
"cve": "CVE-2019-13682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13682"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13682",
"url": "https://www.suse.com/security/cve/CVE-2019-13682"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13682",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-13682"
},
{
"cve": "CVE-2019-13683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13683"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13683",
"url": "https://www.suse.com/security/cve/CVE-2019-13683"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13683",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-13683"
},
{
"cve": "CVE-2019-5870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5870"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5870",
"url": "https://www.suse.com/security/cve/CVE-2019-5870"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5870",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "critical"
}
],
"title": "CVE-2019-5870"
},
{
"cve": "CVE-2019-5871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5871"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5871",
"url": "https://www.suse.com/security/cve/CVE-2019-5871"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5871",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-5871"
},
{
"cve": "CVE-2019-5872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5872"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5872",
"url": "https://www.suse.com/security/cve/CVE-2019-5872"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5872",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-5872"
},
{
"cve": "CVE-2019-5874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5874"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5874",
"url": "https://www.suse.com/security/cve/CVE-2019-5874"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5874",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-5874"
},
{
"cve": "CVE-2019-5875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5875"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5875",
"url": "https://www.suse.com/security/cve/CVE-2019-5875"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5875",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-5875"
},
{
"cve": "CVE-2019-5876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5876"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5876",
"url": "https://www.suse.com/security/cve/CVE-2019-5876"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5876",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-5876"
},
{
"cve": "CVE-2019-5877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5877"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5877",
"url": "https://www.suse.com/security/cve/CVE-2019-5877"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5877",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-5877"
},
{
"cve": "CVE-2019-5878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5878"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5878",
"url": "https://www.suse.com/security/cve/CVE-2019-5878"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5878",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-5878"
},
{
"cve": "CVE-2019-5879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5879"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5879",
"url": "https://www.suse.com/security/cve/CVE-2019-5879"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5879",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "moderate"
}
],
"title": "CVE-2019-5879"
},
{
"cve": "CVE-2019-5880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5880"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5880",
"url": "https://www.suse.com/security/cve/CVE-2019-5880"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5880",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-5880"
},
{
"cve": "CVE-2019-5881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5881"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5881",
"url": "https://www.suse.com/security/cve/CVE-2019-5881"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5881",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:chromedriver-77.0.3865.75-lp150.239.1.x86_64",
"openSUSE Leap 15.0:chromium-77.0.3865.75-lp150.239.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-19T05:37:19Z",
"details": "important"
}
],
"title": "CVE-2019-5881"
}
]
}
OPENSUSE-SU-2019:2155-1
Vulnerability from csaf_opensuse - Published: 2019-09-20 08:46 - Updated: 2019-09-20 08:46Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Security issues fixed:
- CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)
- CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)
- CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)
- CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425)
- CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)
- CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)
- CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)
- CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)
- CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425)
- CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)
- CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)
- CVE-2019-13659: Fixed an URL spoof. (boo#1150425)
- CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)
- CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)
- CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)
- CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)
- CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)
- CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425)
- CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425)
- CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425)
- CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)
- CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)
- CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)
- CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425)
- CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425)
- CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)
- CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425)
- CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425)
- CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425)
- CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425)
- CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425)
- CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)
- CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)
- CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)
- CVE-2019-13683: Fixed an exception leaked by devtools. (boo#1150425)
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames: openSUSE-2019-2155
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
110 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)\n- CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)\n- CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)\n- CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425)\n- CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)\n- CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)\n- CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)\n- CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)\n- CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425)\n- CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)\n- CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)\n- CVE-2019-13659: Fixed an URL spoof. (boo#1150425)\n- CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)\n- CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)\n- CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)\n- CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)\n- CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)\n- CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425)\n- CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425)\n- CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425)\n- CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)\n- CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)\n- CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)\n- CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425)\n- CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425)\n- CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)\n- CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425)\n- CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425)\n- CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425)\n- CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425)\n- CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425)\n- CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)\n- CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)\n- CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)\n- CVE-2019-13683: Fixed an exception leaked by devtools. (boo#1150425)\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2155",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2155-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2155-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J3PR5XSONUWMXGMA4ENPYA6AHEES7VD4/#J3PR5XSONUWMXGMA4ENPYA6AHEES7VD4"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2155-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J3PR5XSONUWMXGMA4ENPYA6AHEES7VD4/#J3PR5XSONUWMXGMA4ENPYA6AHEES7VD4"
},
{
"category": "self",
"summary": "SUSE Bug 1150425",
"url": "https://bugzilla.suse.com/1150425"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13659 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13660 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13661 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13662 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13663 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13664 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13665 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13666 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13667 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13668 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13669 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13670 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13671 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13673 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13674 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13675 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13676 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13677 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13678 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13679 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13680 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13681 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13682 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13683 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5870 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5871 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5872 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5874 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5875 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5876 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5877 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5878 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5879 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5880 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5881 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5881/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2019-09-20T08:46:30Z",
"generator": {
"date": "2019-09-20T08:46:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2155-1",
"initial_release_date": "2019-09-20T08:46:30Z",
"revision_history": [
{
"date": "2019-09-20T08:46:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"product": {
"name": "chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"product_id": "chromedriver-77.0.3865.75-bp150.231.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-77.0.3865.75-bp150.231.1.aarch64",
"product": {
"name": "chromium-77.0.3865.75-bp150.231.1.aarch64",
"product_id": "chromium-77.0.3865.75-bp150.231.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"product": {
"name": "chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"product_id": "chromedriver-77.0.3865.75-bp150.231.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-77.0.3865.75-bp150.231.1.x86_64",
"product": {
"name": "chromium-77.0.3865.75-bp150.231.1.x86_64",
"product_id": "chromium-77.0.3865.75-bp150.231.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-77.0.3865.75-bp150.231.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64"
},
"product_reference": "chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-77.0.3865.75-bp150.231.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64"
},
"product_reference": "chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-77.0.3865.75-bp150.231.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64"
},
"product_reference": "chromium-77.0.3865.75-bp150.231.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-77.0.3865.75-bp150.231.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
},
"product_reference": "chromium-77.0.3865.75-bp150.231.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13659"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13659",
"url": "https://www.suse.com/security/cve/CVE-2019-13659"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13659",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13659"
},
{
"cve": "CVE-2019-13660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13660"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13660",
"url": "https://www.suse.com/security/cve/CVE-2019-13660"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13660",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13660"
},
{
"cve": "CVE-2019-13661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13661"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13661",
"url": "https://www.suse.com/security/cve/CVE-2019-13661"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13661",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13661"
},
{
"cve": "CVE-2019-13662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13662"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13662",
"url": "https://www.suse.com/security/cve/CVE-2019-13662"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13662",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13662"
},
{
"cve": "CVE-2019-13663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13663"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13663",
"url": "https://www.suse.com/security/cve/CVE-2019-13663"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13663",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13663"
},
{
"cve": "CVE-2019-13664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13664"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13664",
"url": "https://www.suse.com/security/cve/CVE-2019-13664"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13664",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13664"
},
{
"cve": "CVE-2019-13665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13665"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13665",
"url": "https://www.suse.com/security/cve/CVE-2019-13665"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13665",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13665"
},
{
"cve": "CVE-2019-13666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13666"
}
],
"notes": [
{
"category": "general",
"text": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13666",
"url": "https://www.suse.com/security/cve/CVE-2019-13666"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13666",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-13666"
},
{
"cve": "CVE-2019-13667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13667"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13667",
"url": "https://www.suse.com/security/cve/CVE-2019-13667"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13667",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13667"
},
{
"cve": "CVE-2019-13668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13668"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13668",
"url": "https://www.suse.com/security/cve/CVE-2019-13668"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13668",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-13668"
},
{
"cve": "CVE-2019-13669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13669"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13669",
"url": "https://www.suse.com/security/cve/CVE-2019-13669"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13669",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13669"
},
{
"cve": "CVE-2019-13670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13670"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13670",
"url": "https://www.suse.com/security/cve/CVE-2019-13670"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13670",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13670"
},
{
"cve": "CVE-2019-13671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13671"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13671",
"url": "https://www.suse.com/security/cve/CVE-2019-13671"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13671",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13671"
},
{
"cve": "CVE-2019-13673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13673"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13673",
"url": "https://www.suse.com/security/cve/CVE-2019-13673"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13673",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-13673"
},
{
"cve": "CVE-2019-13674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13674"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13674",
"url": "https://www.suse.com/security/cve/CVE-2019-13674"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13674",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13674"
},
{
"cve": "CVE-2019-13675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13675"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13675",
"url": "https://www.suse.com/security/cve/CVE-2019-13675"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13675",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13675"
},
{
"cve": "CVE-2019-13676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13676"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13676",
"url": "https://www.suse.com/security/cve/CVE-2019-13676"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13676",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13676"
},
{
"cve": "CVE-2019-13677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13677"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13677",
"url": "https://www.suse.com/security/cve/CVE-2019-13677"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13677",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13677"
},
{
"cve": "CVE-2019-13678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13678"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13678",
"url": "https://www.suse.com/security/cve/CVE-2019-13678"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13678",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13678"
},
{
"cve": "CVE-2019-13679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13679"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13679",
"url": "https://www.suse.com/security/cve/CVE-2019-13679"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13679",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13679"
},
{
"cve": "CVE-2019-13680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13680"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13680",
"url": "https://www.suse.com/security/cve/CVE-2019-13680"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13680",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13680"
},
{
"cve": "CVE-2019-13681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13681"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13681",
"url": "https://www.suse.com/security/cve/CVE-2019-13681"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13681",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13681"
},
{
"cve": "CVE-2019-13682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13682"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13682",
"url": "https://www.suse.com/security/cve/CVE-2019-13682"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13682",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-13682"
},
{
"cve": "CVE-2019-13683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13683"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13683",
"url": "https://www.suse.com/security/cve/CVE-2019-13683"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13683",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-13683"
},
{
"cve": "CVE-2019-5870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5870"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5870",
"url": "https://www.suse.com/security/cve/CVE-2019-5870"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5870",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "critical"
}
],
"title": "CVE-2019-5870"
},
{
"cve": "CVE-2019-5871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5871"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5871",
"url": "https://www.suse.com/security/cve/CVE-2019-5871"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5871",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-5871"
},
{
"cve": "CVE-2019-5872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5872"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5872",
"url": "https://www.suse.com/security/cve/CVE-2019-5872"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5872",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-5872"
},
{
"cve": "CVE-2019-5874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5874"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5874",
"url": "https://www.suse.com/security/cve/CVE-2019-5874"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5874",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-5874"
},
{
"cve": "CVE-2019-5875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5875"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5875",
"url": "https://www.suse.com/security/cve/CVE-2019-5875"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5875",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-5875"
},
{
"cve": "CVE-2019-5876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5876"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5876",
"url": "https://www.suse.com/security/cve/CVE-2019-5876"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5876",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-5876"
},
{
"cve": "CVE-2019-5877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5877"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5877",
"url": "https://www.suse.com/security/cve/CVE-2019-5877"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5877",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-5877"
},
{
"cve": "CVE-2019-5878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5878"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5878",
"url": "https://www.suse.com/security/cve/CVE-2019-5878"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5878",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-5878"
},
{
"cve": "CVE-2019-5879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5879"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5879",
"url": "https://www.suse.com/security/cve/CVE-2019-5879"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5879",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-5879"
},
{
"cve": "CVE-2019-5880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5880"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5880",
"url": "https://www.suse.com/security/cve/CVE-2019-5880"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5880",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-5880"
},
{
"cve": "CVE-2019-5881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5881"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5881",
"url": "https://www.suse.com/security/cve/CVE-2019-5881"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5881",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromedriver-77.0.3865.75-bp150.231.1.x86_64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.aarch64",
"SUSE Package Hub 15:chromium-77.0.3865.75-bp150.231.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:30Z",
"details": "important"
}
],
"title": "CVE-2019-5881"
}
]
}
OPENSUSE-SU-2019:2156-1
Vulnerability from csaf_opensuse - Published: 2019-09-20 08:46 - Updated: 2019-09-20 08:46Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium to 77.0.3865.75 fixes the following issues:
Security issues fixed:
- CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)
- CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)
- CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)
- CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425)
- CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)
- CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)
- CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)
- CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)
- CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425)
- CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)
- CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)
- CVE-2019-13659: Fixed an URL spoof. (boo#1150425)
- CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)
- CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)
- CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)
- CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)
- CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)
- CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425)
- CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425)
- CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425)
- CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)
- CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)
- CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)
- CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425)
- CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425)
- CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)
- CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425)
- CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425)
- CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425)
- CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425)
- CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425)
- CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)
- CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)
- CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)
- CVE-2019-13683: Fixed an exceptions leaked by devtools. (boo#1150425)
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patchnames: openSUSE-2019-2156
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
110 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium to 77.0.3865.75 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5870: Fixed a use-after-free in media. (boo#1150425)\n- CVE-2019-5871: Fixed a heap overflow in Skia. (boo#1150425)\n- CVE-2019-5872: Fixed a use-after-free in Mojo (boo#1150425)\n- CVE-2019-5874: Fixed a behavior that made external URIs trigger other browsers. (boo#1150425)\n- CVE-2019-5875: Fixed a URL bar spoof via download redirect. (boo#1150425)\n- CVE-2019-5876: Fixed a use-after-free in media (boo#1150425)\n- CVE-2019-5877: Fixed an out-of-bounds access in V8. (boo#1150425)\n- CVE-2019-5878: Fixed a use-after-free in V8. (boo#1150425)\n- CVE-2019-5879: Fixed an extension issue that allowed the bypass of a same origin policy. (boo#1150425)\n- CVE-2019-5880: Fixed a SameSite cookie bypass. (boo#1150425)\n- CVE-2019-5881: Fixed an arbitrary read in SwiftShader. (boo#1150425)\n- CVE-2019-13659: Fixed an URL spoof. (boo#1150425)\n- CVE-2019-13660: Fixed a full screen notification overlap. (boo#1150425)\n- CVE-2019-13661: Fixed a full screen notification spoof. (boo#1150425)\n- CVE-2019-13662: Fixed a CSP bypass. (boo#1150425)\n- CVE-2019-13663: Fixed an IDN spoof. (boo#1150425)\n- CVE-2019-13664: Fixed a CSRF bypass. (boo#1150425)\n- CVE-2019-13665: Fixed a multiple file download protection bypass. (boo#1150425)\n- CVE-2019-13666: Fixed a side channel weakness using storage size estimate. (boo#1150425)\n- CVE-2019-13667: Fixed a URI bar spoof when using external app URIs. (boo#1150425)\n- CVE-2019-13668: Fixed a global window leak via console. (boo#1150425)\n- CVE-2019-13669: Fixed an HTTP authentication spoof. (boo#1150425)\n- CVE-2019-13670: Fixed a V8 memory corruption in regex. (boo#1150425)\n- CVE-2019-13671: Fixed a dialog box that failed to show the origin. (boo#1150425)\n- CVE-2019-13673: Fixed a cross-origin information leak using devtools. (boo#1150425)\n- CVE-2019-13674: Fixed an IDN spoofing opportunity. (boo#1150425)\n- CVE-2019-13675: Fixed an error that allowed extensions to be disabled by trailing slash. (boo#1150425)\n- CVE-2019-13676: Fixed a mistakenly shown Google URI in certificate warnings. (boo#1150425)\n- CVE-2019-13677: Fixed a lack of isolation in Chrome web store origin. (boo#1150425)\n- CVE-2019-13678: Fixed a download dialog spoofing opportunity. (boo#1150425)\n- CVE-2019-13679: Fixed a the necessity of a user gesture for printing. (boo#1150425)\n- CVE-2019-13680: Fixed an IP address spoofing error. (boo#1150425)\n- CVE-2019-13681: Fixed a bypass on download restrictions. (boo#1150425)\n- CVE-2019-13682: Fixed a site isolation bypass. (boo#1150425)\n- CVE-2019-13683: Fixed an exceptions leaked by devtools. (boo#1150425)\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2156",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2156-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2156-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WPPBUQRMHPY462ZHRKXCNGQKTGL6KMBH/#WPPBUQRMHPY462ZHRKXCNGQKTGL6KMBH"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2156-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WPPBUQRMHPY462ZHRKXCNGQKTGL6KMBH/#WPPBUQRMHPY462ZHRKXCNGQKTGL6KMBH"
},
{
"category": "self",
"summary": "SUSE Bug 1150425",
"url": "https://bugzilla.suse.com/1150425"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13659 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13660 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13661 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13662 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13663 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13664 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13665 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13666 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13667 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13668 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13669 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13670 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13671 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13673 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13674 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13675 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13676 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13677 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13678 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13679 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13680 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13681 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13682 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13683 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5870 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5871 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5872 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5874 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5875 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5876 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5877 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5877/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5878 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5878/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5879 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5880 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5880/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5881 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5881/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2019-09-20T08:46:46Z",
"generator": {
"date": "2019-09-20T08:46:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2156-1",
"initial_release_date": "2019-09-20T08:46:46Z",
"revision_history": [
{
"date": "2019-09-20T08:46:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"product": {
"name": "chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"product_id": "chromedriver-77.0.3865.75-bp151.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"product": {
"name": "chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"product_id": "chromium-77.0.3865.75-bp151.3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"product": {
"name": "chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"product_id": "chromedriver-77.0.3865.75-bp151.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-77.0.3865.75-bp151.3.12.1.x86_64",
"product": {
"name": "chromium-77.0.3865.75-bp151.3.12.1.x86_64",
"product_id": "chromium-77.0.3865.75-bp151.3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP1",
"product": {
"name": "SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-77.0.3865.75-bp151.3.12.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64"
},
"product_reference": "chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-77.0.3865.75-bp151.3.12.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64"
},
"product_reference": "chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-77.0.3865.75-bp151.3.12.1.aarch64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64"
},
"product_reference": "chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-77.0.3865.75-bp151.3.12.1.x86_64 as component of SUSE Package Hub 15 SP1",
"product_id": "SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
},
"product_reference": "chromium-77.0.3865.75-bp151.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13659"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13659",
"url": "https://www.suse.com/security/cve/CVE-2019-13659"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13659",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13659"
},
{
"cve": "CVE-2019-13660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13660"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13660",
"url": "https://www.suse.com/security/cve/CVE-2019-13660"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13660",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13660"
},
{
"cve": "CVE-2019-13661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13661"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13661",
"url": "https://www.suse.com/security/cve/CVE-2019-13661"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13661",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13661"
},
{
"cve": "CVE-2019-13662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13662"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13662",
"url": "https://www.suse.com/security/cve/CVE-2019-13662"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13662",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13662"
},
{
"cve": "CVE-2019-13663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13663"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13663",
"url": "https://www.suse.com/security/cve/CVE-2019-13663"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13663",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13663"
},
{
"cve": "CVE-2019-13664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13664"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13664",
"url": "https://www.suse.com/security/cve/CVE-2019-13664"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13664",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13664"
},
{
"cve": "CVE-2019-13665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13665"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13665",
"url": "https://www.suse.com/security/cve/CVE-2019-13665"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13665",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13665"
},
{
"cve": "CVE-2019-13666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13666"
}
],
"notes": [
{
"category": "general",
"text": "Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13666",
"url": "https://www.suse.com/security/cve/CVE-2019-13666"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13666",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-13666"
},
{
"cve": "CVE-2019-13667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13667"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13667",
"url": "https://www.suse.com/security/cve/CVE-2019-13667"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13667",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13667"
},
{
"cve": "CVE-2019-13668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13668"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13668",
"url": "https://www.suse.com/security/cve/CVE-2019-13668"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13668",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-13668"
},
{
"cve": "CVE-2019-13669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13669"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13669",
"url": "https://www.suse.com/security/cve/CVE-2019-13669"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13669",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13669"
},
{
"cve": "CVE-2019-13670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13670"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13670",
"url": "https://www.suse.com/security/cve/CVE-2019-13670"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13670",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13670"
},
{
"cve": "CVE-2019-13671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13671"
}
],
"notes": [
{
"category": "general",
"text": "UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13671",
"url": "https://www.suse.com/security/cve/CVE-2019-13671"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13671",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13671"
},
{
"cve": "CVE-2019-13673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13673"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13673",
"url": "https://www.suse.com/security/cve/CVE-2019-13673"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13673",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-13673"
},
{
"cve": "CVE-2019-13674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13674"
}
],
"notes": [
{
"category": "general",
"text": "IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13674",
"url": "https://www.suse.com/security/cve/CVE-2019-13674"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13674",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13674"
},
{
"cve": "CVE-2019-13675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13675"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13675",
"url": "https://www.suse.com/security/cve/CVE-2019-13675"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13675",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13675"
},
{
"cve": "CVE-2019-13676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13676"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13676",
"url": "https://www.suse.com/security/cve/CVE-2019-13676"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13676",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13676"
},
{
"cve": "CVE-2019-13677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13677"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13677",
"url": "https://www.suse.com/security/cve/CVE-2019-13677"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13677",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13677"
},
{
"cve": "CVE-2019-13678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13678"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13678",
"url": "https://www.suse.com/security/cve/CVE-2019-13678"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13678",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13678"
},
{
"cve": "CVE-2019-13679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13679"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13679",
"url": "https://www.suse.com/security/cve/CVE-2019-13679"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13679",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13679"
},
{
"cve": "CVE-2019-13680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13680"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13680",
"url": "https://www.suse.com/security/cve/CVE-2019-13680"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13680",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13680"
},
{
"cve": "CVE-2019-13681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13681"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13681",
"url": "https://www.suse.com/security/cve/CVE-2019-13681"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13681",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13681"
},
{
"cve": "CVE-2019-13682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13682"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13682",
"url": "https://www.suse.com/security/cve/CVE-2019-13682"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13682",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-13682"
},
{
"cve": "CVE-2019-13683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13683"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13683",
"url": "https://www.suse.com/security/cve/CVE-2019-13683"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-13683",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-13683"
},
{
"cve": "CVE-2019-5870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5870"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5870",
"url": "https://www.suse.com/security/cve/CVE-2019-5870"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5870",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "critical"
}
],
"title": "CVE-2019-5870"
},
{
"cve": "CVE-2019-5871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5871"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5871",
"url": "https://www.suse.com/security/cve/CVE-2019-5871"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5871",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-5871"
},
{
"cve": "CVE-2019-5872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5872"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5872",
"url": "https://www.suse.com/security/cve/CVE-2019-5872"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5872",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-5872"
},
{
"cve": "CVE-2019-5874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5874"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5874",
"url": "https://www.suse.com/security/cve/CVE-2019-5874"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5874",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-5874"
},
{
"cve": "CVE-2019-5875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5875"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5875",
"url": "https://www.suse.com/security/cve/CVE-2019-5875"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5875",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-5875"
},
{
"cve": "CVE-2019-5876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5876"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5876",
"url": "https://www.suse.com/security/cve/CVE-2019-5876"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5876",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-5876"
},
{
"cve": "CVE-2019-5877",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5877"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5877",
"url": "https://www.suse.com/security/cve/CVE-2019-5877"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5877",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-5877"
},
{
"cve": "CVE-2019-5878",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5878"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5878",
"url": "https://www.suse.com/security/cve/CVE-2019-5878"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5878",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-5878"
},
{
"cve": "CVE-2019-5879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5879"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5879",
"url": "https://www.suse.com/security/cve/CVE-2019-5879"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5879",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "moderate"
}
],
"title": "CVE-2019-5879"
},
{
"cve": "CVE-2019-5880",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5880"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5880",
"url": "https://www.suse.com/security/cve/CVE-2019-5880"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5880",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-5880"
},
{
"cve": "CVE-2019-5881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5881"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5881",
"url": "https://www.suse.com/security/cve/CVE-2019-5881"
},
{
"category": "external",
"summary": "SUSE Bug 1150425 for CVE-2019-5881",
"url": "https://bugzilla.suse.com/1150425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromedriver-77.0.3865.75-bp151.3.12.1.x86_64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.aarch64",
"SUSE Package Hub 15 SP1:chromium-77.0.3865.75-bp151.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-20T08:46:46Z",
"details": "important"
}
],
"title": "CVE-2019-5881"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…