Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2023:0387-1

Опубликовано: 30 нояб. 2023
Источник: suse-cvrf

Описание

Security update for chromium

This update for Chromium fixes the following issue:

Chromium 119.0.6045.199 (boo#1217616)

  • CVE-2023-6348: Type Confusion in Spellcheck
  • CVE-2023-6347: Use after free in Mojo
  • CVE-2023-6346: Use after free in WebAudio
  • CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614)
  • CVE-2023-6351: Use after free in libavif (boo#1217615)
  • CVE-2023-6345: Integer overflow in Skia
  • Various fixes from internal audits, fuzzing and other initiatives.

Список пакетов

SUSE Package Hub 15 SP4
chromedriver-119.0.6045.199-bp155.2.61.1
chromium-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5
chromedriver-119.0.6045.199-bp155.2.61.1
chromium-119.0.6045.199-bp155.2.61.1
openSUSE Leap 15.4
chromedriver-119.0.6045.199-bp155.2.61.1
chromium-119.0.6045.199-bp155.2.61.1
openSUSE Leap 15.5
chromedriver-119.0.6045.199-bp155.2.61.1
chromium-119.0.6045.199-bp155.2.61.1

Ссылки

Описание

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP4:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP4:chromium-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromium-119.0.6045.199-bp155.2.61.1
Ссылки

Описание

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP4:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP4:chromium-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromium-119.0.6045.199-bp155.2.61.1
Ссылки

Описание

Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP4:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP4:chromium-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromium-119.0.6045.199-bp155.2.61.1
Ссылки

Описание

Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP4:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP4:chromium-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromium-119.0.6045.199-bp155.2.61.1
Ссылки

Описание

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP4:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP4:chromium-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromium-119.0.6045.199-bp155.2.61.1
Ссылки

Описание

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP4:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP4:chromium-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromedriver-119.0.6045.199-bp155.2.61.1
SUSE Package Hub 15 SP5:chromium-119.0.6045.199-bp155.2.61.1
Ссылки
Уязвимость openSUSE-SU-2023:0387-1