Description
Security update for chromium
This update for chromium fixes the following issues:
Chromium 119.0.6045.123 (boo#1216978)
- CVE-2023-5996: Use after free in WebAudio
Chromium 119.0.6045.105 (boo#1216783)
- CVE-2023-5480: Inappropriate implementation in Payments
- CVE-2023-5482: Insufficient data validation in USB
- CVE-2023-5849: Integer overflow in USB
- CVE-2023-5850: Incorrect security UI in Downloads
- CVE-2023-5851: Inappropriate implementation in Downloads
- CVE-2023-5852: Use after free in Printing
- CVE-2023-5853: Incorrect security UI in Downloads
- CVE-2023-5854: Use after free in Profiles
- CVE-2023-5855: Use after free in Reading Mode
- CVE-2023-5856: Use after free in Side Panel
- CVE-2023-5857: Inappropriate implementation in Downloads
- CVE-2023-5858: Inappropriate implementation in WebApp Provider
- CVE-2023-5859: Incorrect security UI in Picture In Picture
gn was updated to version 0.20231023:
- many updates to support Chromium 119 build
Package list
SUSE Package Hub 15 SP4
SUSE Package Hub 15 SP5
openSUSE Leap 15.4
openSUSE Leap 15.5
References
- E-Mail link for openSUSE-SU-2023:0368-1
- SUSE Security Ratings
- SUSE Bug 1216783
- SUSE Bug 1216978
- SUSE CVE CVE-2023-5480 page
- SUSE CVE CVE-2023-5482 page
- SUSE CVE CVE-2023-5849 page
- SUSE CVE CVE-2023-5850 page
- SUSE CVE CVE-2023-5851 page
- SUSE CVE CVE-2023-5852 page
- SUSE CVE CVE-2023-5853 page
- SUSE CVE CVE-2023-5854 page
- SUSE CVE CVE-2023-5855 page
- SUSE CVE CVE-2023-5856 page
- SUSE CVE CVE-2023-5857 page
- SUSE CVE CVE-2023-5858 page
- SUSE CVE CVE-2023-5859 page
- SUSE CVE CVE-2023-5996 page
Description
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
Affected products
References
- CVE-2023-5480
- SUSE Bug 1216783
Description
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2023-5482
- SUSE Bug 1216783
Description
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2023-5849
- SUSE Bug 1216783
Description
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-5850
- SUSE Bug 1216783
Description
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-5851
- SUSE Bug 1216783
Description
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-5852
- SUSE Bug 1216783
Description
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-5853
- SUSE Bug 1216783
Description
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-5854
- SUSE Bug 1216783
Description
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-5855
- SUSE Bug 1216783
Description
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-5856
- SUSE Bug 1216783
Description
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
Affected products
References
- CVE-2023-5857
- SUSE Bug 1216783
Description
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2023-5858
- SUSE Bug 1216783
Description
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2023-5859
- SUSE Bug 1216783
Description
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2023-5996
- SUSE Bug 1216978