Description
Security update for chromium
This update for chromium fixes the following issues:
- Chromium 112.0.5615.121:
  - CVE-2023-2033: Type Confusion in V8 (boo#1210478)
- Chromium 112.0.5615.49:
  - CSS now supports nesting rules.
  - The algorithm to set the initial focus on elements was updated.
  - No-op fetch() handlers on service workers are skipped from now on to make navigations faster.
  - The setter for document.domain is now deprecated.
  - The recorder in devtools can now record with pierce selectors.
  - Security fixes (boo#1210126):
    - CVE-2023-1810: Heap buffer overflow in Visuals
    - CVE-2023-1811: Use after free in Frames
    - CVE-2023-1812: Out of bounds memory access in DOM Bindings
    - CVE-2023-1813: Inappropriate implementation in Extensions
    - CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing
    - CVE-2023-1815: Use after free in Networking APIs
    - CVE-2023-1816: Incorrect security UI in Picture In Picture
    - CVE-2023-1817: Insufficient policy enforcement in Intents
    - CVE-2023-1818: Use after free in Vulkan
    - CVE-2023-1819: Out of bounds read in Accessibility
    - CVE-2023-1820: Heap buffer overflow in Browser History
    - CVE-2023-1821: Inappropriate implementation in WebShare
    - CVE-2023-1822: Incorrect security UI in Navigation
    - CVE-2023-1823: Inappropriate implementation in FedCM
- Chromium 111.0.5563.147:
  - nth-child() validation performance regression for SAP apps
Package list
SUSE Package Hub 15 SP4
openSUSE Leap 15.4
References
- E-Mail link for openSUSE-SU-2023:0092-1
- SUSE Security Ratings
- SUSE Bug 1210126
- SUSE Bug 1210478
- SUSE CVE CVE-2023-1810 page
- SUSE CVE CVE-2023-1811 page
- SUSE CVE CVE-2023-1812 page
- SUSE CVE CVE-2023-1813 page
- SUSE CVE CVE-2023-1814 page
- SUSE CVE CVE-2023-1815 page
- SUSE CVE CVE-2023-1816 page
- SUSE CVE CVE-2023-1817 page
- SUSE CVE CVE-2023-1818 page
- SUSE CVE CVE-2023-1819 page
- SUSE CVE CVE-2023-1820 page
- SUSE CVE CVE-2023-1821 page
- SUSE CVE CVE-2023-1822 page
- SUSE CVE CVE-2023-1823 page
- SUSE CVE CVE-2023-2033 page
Description
Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2023-1810
- SUSE Bug 1210126
Description
Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2023-1811
- SUSE Bug 1210126
Description
Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-1812
- SUSE Bug 1210126
Description
Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-1813
- SUSE Bug 1210126
Description
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-1814
- SUSE Bug 1210126
Description
Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-1815
- SUSE Bug 1210126
Description
Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-1816
- SUSE Bug 1210126
Description
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-1817
- SUSE Bug 1210126
Description
Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-1818
- SUSE Bug 1210126
Description
Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-1819
- SUSE Bug 1210126
Description
Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-1820
- SUSE Bug 1210126
Description
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2023-1821
- SUSE Bug 1210126
Description
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2023-1822
- SUSE Bug 1210126
Description
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2023-1823
- SUSE Bug 1210126
Description
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2023-2033
- SUSE Bug 1210478