Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 115.0.5790.170 (boo#1213920)
- CVE-2023-4068: Type Confusion in V8
- CVE-2023-4069: Type Confusion in V8
- CVE-2023-4070: Type Confusion in V8
- CVE-2023-4071: Heap buffer overflow in Visuals
- CVE-2023-4072: Out of bounds read and write in WebGL
- CVE-2023-4073: Out of bounds memory access in ANGLE
- CVE-2023-4074: Use after free in Blink Task Scheduling
- CVE-2023-4075: Use after free in Cast
- CVE-2023-4076: Use after free in WebRTC
- CVE-2023-4077: Insufficient data validation in Extensions
- CVE-2023-4078: Inappropriate implementation in Extensions
- Specify re2 build dependency in a way that makes Leap packages build in devel project and in Maintenance
Список пакетов
SUSE Package Hub 15 SP4
SUSE Package Hub 15 SP5
openSUSE Leap 15.4
openSUSE Leap 15.5
Ссылки
- E-Mail link for openSUSE-SU-2023:0216-1
- SUSE Security Ratings
- SUSE Bug 1213920
- SUSE CVE CVE-2023-4068 page
- SUSE CVE CVE-2023-4069 page
- SUSE CVE CVE-2023-4070 page
- SUSE CVE CVE-2023-4071 page
- SUSE CVE CVE-2023-4072 page
- SUSE CVE CVE-2023-4073 page
- SUSE CVE CVE-2023-4074 page
- SUSE CVE CVE-2023-4075 page
- SUSE CVE CVE-2023-4076 page
- SUSE CVE CVE-2023-4077 page
- SUSE CVE CVE-2023-4078 page
Описание
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-4068
- SUSE Bug 1213920
Описание
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-4069
- SUSE Bug 1213920
Описание
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-4070
- SUSE Bug 1213920
Описание
Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-4071
- SUSE Bug 1213920
Описание
Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-4072
- SUSE Bug 1213920
Описание
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-4073
- SUSE Bug 1213920
Описание
Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-4074
- SUSE Bug 1213920
Описание
Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-4075
- SUSE Bug 1213920
Описание
Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-4076
- SUSE Bug 1213920
Описание
Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2023-4077
- SUSE Bug 1213920
Описание
Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2023-4078
- SUSE Bug 1213920