An update that fixes 19 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium was updated to 74.0.3729.108 boo#1133313:
- CVE-2019-5805: Use after free in PDFium
- CVE-2019-5806: Integer overflow in Angle
- CVE-2019-5807: Memory corruption in V8
- CVE-2019-5808: Use after free in Blink
- CVE-2019-5809: Use after free in Blink
- CVE-2019-5810: User information disclosure in Autofill
- CVE-2019-5811: CORS bypass in Blink
- CVE-2019-5813: Out of bounds read in V8
- CVE-2019-5814: CORS bypass in Blink
- CVE-2019-5815: Heap buffer overflow in Blink
- CVE-2019-5818: Uninitialized value in media reader
- CVE-2019-5819: Incorrect escaping in developer tools
- CVE-2019-5820: Integer overflow in PDFium
- CVE-2019-5821: Integer overflow in PDFium
- CVE-2019-5822: CORS bypass in download manager
- CVE-2019-5823: Forced navigation from service worker
- CVE-2019-5812: URL spoof in Omnibox on iOS
- CVE-2019-5816: Exploit persistence extension on Android
- CVE-2019-5817: Heap buffer overflow in Angle on Windows
- Update conditions to use system harfbuzz on TW+
- Require java during build
- Enable using pipewire when available
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: