openSUSE-SU-2018:2659-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium

Announcement ID: openSUSE-SU-2018:2659-1
Rating: important
References: #1106341 #1107235
Cross-References: CVE-2017-15430 CVE-2018-16065 CVE-2018-16066
CVE-2018-16067 CVE-2018-16068 CVE-2018-16069
CVE-2018-16070 CVE-2018-16071 CVE-2018-16073
CVE-2018-16074 CVE-2018-16075 CVE-2018-16076
CVE-2018-16077 CVE-2018-16078 CVE-2018-16079
CVE-2018-16080 CVE-2018-16081 CVE-2018-16082
CVE-2018-16083 CVE-2018-16084 CVE-2018-16085
CVE-2018-16086 CVE-2018-16087 CVE-2018-16088

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes 24 vulnerabilities is now available.


This update for Chromium to version 69.0.3497.81 fixes multiple issues.

Security issues fixed (boo#1107235):

– CVE-2018-16065: Out of bounds write in V8
– CVE-2018-16066: Out of bounds read in Blink
– CVE-2018-16067: Out of bounds read in WebAudio
– CVE-2018-16068: Out of bounds write in Mojo
– CVE-2018-16069: Out of bounds read in SwiftShader
– CVE-2018-16070: Integer overflow in Skia
– CVE-2018-16071: Use after free in WebRTC
– CVE-2018-16073: Site Isolation bypass after tab restore
– CVE-2018-16074: Site Isolation bypass using Blob URLs
– Out of bounds read in Little-CMS
– CVE-2018-16075: Local file access in Blink
– CVE-2018-16076: Out of bounds read in PDFium
– CVE-2018-16077: Content security policy bypass in Blink
– CVE-2018-16078: Credit card information leak in Autofill
– CVE-2018-16079: URL spoof in permission dialogs
– CVE-2018-16080: URL spoof in full screen mode
– CVE-2018-16081: Local file access in DevTools
– CVE-2018-16082: Stack buffer overflow in SwiftShader
– CVE-2018-16083: Out of bounds read in WebRTC
– CVE-2018-16084: User confirmation bypass in external protocol handling
– CVE-2018-16085: Use after free in Memory Instrumentation
– CVE-2017-15430: Unsafe navigation in Chromecast (boo#1106341)
– CVE-2018-16086: Script injection in New Tab Page
– CVE-2018-16087: Multiple download restriction bypass
– CVE-2018-16088: User gesture requirement bypass

The re2 regular expression library was updated to the current version.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-979=1
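
To confirm the patch took effect, the following added example (not part of the original advisory) compares an installed version string against the fixed version 69.0.3497.81 named above. The package name "chromium", the function names and the --check switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify chromium is at or above the version this advisory ships.
FIXED_VERSION="69.0.3497.81"   # fixed version named in this advisory

# version_ge A B: succeed (exit 0) when dotted numeric version A >= B.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}              # leading component of each side
        [ "$a" = "$x" ] && a= || a=${a#*.} # drop it, or finish that side
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0} y=${y:-0}                # missing components compare as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0                               # all components equal
}

# chromium_is_fixed VERSION: 0 = patched, 1 = below fixed version, 2 = not a version.
chromium_is_fixed() {
    case $1 in ''|*[!0-9.]*) return 2 ;; esac   # reject empty or non-numeric input
    version_ge "$1" "$FIXED_VERSION"
}

# Query the local RPM database only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    # Assumption: the package is named "chromium" (the package list below is empty).
    installed=$(rpm -q --qf '%{VERSION}' chromium 2>/dev/null) || installed=
    if chromium_is_fixed "$installed"; then
        echo "chromium $installed: at or above $FIXED_VERSION"
    else
        echo "chromium ${installed:-not installed}: below $FIXED_VERSION or not found" >&2
        exit 1
    fi
fi
```

The script exits non-zero when the installed version is older than the fixed one, so it can be used as a compliance check after running the patch command.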

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 s390x x86_64):


– SUSE Package Hub for SUSE Linux Enterprise 12 (ppc64le):


– SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):


