Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 110.0.5481.177 (boo#1208589)
- CVE-2023-0927: Use after free in Web Payments API
- CVE-2023-0928: Use after free in SwiftShader
- CVE-2023-0929: Use after free in Vulkan
- CVE-2023-0930: Heap buffer overflow in Video
- CVE-2023-0931: Use after free in Video
- CVE-2023-0932: Use after free in WebRTC
- CVE-2023-0933: Integer overflow in PDF
- CVE-2023-0941: Use after free in Prompts
- Various fixes from internal audits, fuzzing and other initiatives
Chromium 110.0.5481.100
- fix regression on SAP Business Objects web UI
- fix date formatting behavior change from ICU 72
Список пакетов
SUSE Package Hub 15 SP4
openSUSE Leap 15.4
Ссылки
- E-Mail link for openSUSE-SU-2023:0061-1
- SUSE Security Ratings
- SUSE Bug 1208589
- SUSE CVE CVE-2023-0927 page
- SUSE CVE CVE-2023-0928 page
- SUSE CVE CVE-2023-0929 page
- SUSE CVE CVE-2023-0930 page
- SUSE CVE CVE-2023-0931 page
- SUSE CVE CVE-2023-0932 page
- SUSE CVE CVE-2023-0933 page
- SUSE CVE CVE-2023-0941 page
Описание
Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-0927
- SUSE Bug 1208589
Описание
Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-0928
- SUSE Bug 1208589
Описание
Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-0929
- SUSE Bug 1208589
Описание
Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-0930
- SUSE Bug 1208589
Описание
Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-0931
- SUSE Bug 1208589
Описание
Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-0932
- SUSE Bug 1208589
Описание
Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2023-0933
- SUSE Bug 1208589
Описание
Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Затронутые продукты
Ссылки
- CVE-2023-0941
- SUSE Bug 1208589