Описание
Security update for chromium
This update for chromium fixes the following issues:
-
Chromium 117.0.5938.132 (boo#1215776):
- CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778)
- CVE-2023-5186: Use after free in Passwords
- CVE-2023-5187: Use after free in Extensions
-
Chromium 117.0.5938.92:
- stability improvements
Список пакетов
SUSE Package Hub 15 SP4
SUSE Package Hub 15 SP5
openSUSE Leap 15.4
openSUSE Leap 15.5
Ссылки
- E-Mail link for openSUSE-SU-2023:0277-1
- SUSE Security Ratings
- SUSE Bug 1215776
- SUSE Bug 1215778
- SUSE CVE CVE-2023-5186 page
- SUSE CVE CVE-2023-5187 page
- SUSE CVE CVE-2023-5217 page
Описание
Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-5186
- SUSE Bug 1215776
Описание
Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-5187
- SUSE Bug 1215776
Описание
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2023-5217
- SUSE Bug 1215776
- SUSE Bug 1215778
- SUSE Bug 1215814
- SUSE Bug 1217559