openSUSE-SU-2018:0313-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium

Announcement ID: openSUSE-SU-2018:0313-1
Rating: important
References: #1073323 #1077571 #1077722
Cross-References: CVE-2017-15420 CVE-2018-6031 CVE-2018-6032
CVE-2018-6033 CVE-2018-6034 CVE-2018-6035
CVE-2018-6036 CVE-2018-6037 CVE-2018-6038
CVE-2018-6039 CVE-2018-6040 CVE-2018-6041
CVE-2018-6042 CVE-2018-6043 CVE-2018-6045
CVE-2018-6046 CVE-2018-6047 CVE-2018-6048
CVE-2018-6049 CVE-2018-6050 CVE-2018-6051
CVE-2018-6052 CVE-2018-6053 CVE-2018-6054

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes 24 vulnerabilities is now available.


This update for chromium to 64.0.3282.119 fixes several issues.

These security issues were fixed:

– CVE-2018-6031: Use after free in PDFium (boo#1077571)
– CVE-2018-6032: Same origin bypass in Shared Worker (boo#1077571)
– CVE-2018-6033: Race when opening downloaded files (boo#1077571)
– CVE-2018-6034: Integer overflow in Blink (boo#1077571)
– CVE-2018-6035: Insufficient isolation of devtools from extensions
– CVE-2018-6036: Integer underflow in WebAssembly (boo#1077571)
– CVE-2018-6037: Insufficient user gesture requirements in autofill
– CVE-2018-6038: Heap buffer overflow in WebGL (boo#1077571)
– CVE-2018-6039: XSS in DevTools (boo#1077571)
– CVE-2018-6040: Content security policy bypass (boo#1077571)
– CVE-2018-6041: URL spoof in Navigation (boo#1077571)
– CVE-2018-6042: URL spoof in OmniBox (boo#1077571)
– CVE-2018-6043: Insufficient escaping with external URL handlers
– CVE-2018-6045: Insufficient isolation of devtools from extensions
– CVE-2018-6046: Insufficient isolation of devtools from extensions
– CVE-2018-6047: Cross origin URL leak in WebGL (boo#1077571)
– CVE-2018-6048: Referrer policy bypass in Blink (boo#1077571)
– CVE-2017-15420: URL spoofing in Omnibox (boo#1077571)
– CVE-2018-6049: UI spoof in Permissions (boo#1077571)
– CVE-2018-6050: URL spoof in OmniBox (boo#1077571)
– CVE-2018-6051: Referrer leak in XSS Auditor (boo#1077571)
– CVE-2018-6052: Incomplete no-referrer policy implementation (boo#1077571)
– CVE-2018-6053: Leak of page thumbnails in New Tab Page (boo#1077571)
– CVE-2018-6054: Use after free in WebUI (boo#1077571)

Re was updated to version 2018-01-01 (boo#1073323)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-106=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):


– SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):


