An update that fixes 6 vulnerabilities is now available.
Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access - CVE-2016-5174: Popup not correctly suppressed - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives.
The following upstream fixes are included:
- SPDY crasher fixes - Disable NV12 DXGI video on AMD - Forward --password-store switch to os_crypt - Tell the kernel to discard USB requests when they time out. - disallow WKBackForwardListItem navigations for pushState pages - arc: bluetooth: Fix advertised uuid - fix conflicting PendingIntent for stop button and swipe away
The widevine plugin was re-enabled (boo#998328).
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-1084=1
To bring your system up-to-date, use "zypper patch".