Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 109.0.5414.119 (boo#1207512):
- CVE-2023-0471: Use after free in WebTransport
- CVE-2023-0472: Use after free in WebRTC
- CVE-2023-0473: Type Confusion in ServiceWorker API
- CVE-2023-0474: Use after free in GuestView
- Various fixes from internal audits, fuzzing and other initiatives
Список пакетов
SUSE Package Hub 15 SP4
openSUSE Leap 15.4
Ссылки
- E-Mail link for openSUSE-SU-2023:0032-1
- SUSE Security Ratings
- SUSE Bug 1207512
- SUSE CVE CVE-2023-0471 page
- SUSE CVE CVE-2023-0472 page
- SUSE CVE CVE-2023-0473 page
- SUSE CVE CVE-2023-0474 page
Описание
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-0471
- SUSE Bug 1207512
Описание
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-0472
- SUSE Bug 1207512
Описание
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2023-0473
- SUSE Bug 1207512
Описание
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2023-0474
- SUSE Bug 1207512