Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2024:0084-1

Опубликовано: 18 мар. 2024
Источник: suse-cvrf

Описание

Security update for chromium

This update for chromium fixes the following issue:

Chromium 122.0.6261.128 (boo#1221335)

  • CVE-2024-2400: Use after free in Performance Manager

Chromium 122.0.6261.111 (boo#1220131,boo#1220604,boo#1221105)

  • New upstream security release.
  • CVE-2024-2173: Out of bounds memory access in V8.
  • CVE-2024-2174: Inappropriate implementation in V8.
  • CVE-2024-2176: Use after free in FedCM.

Chromium 122.0.6261.94

  • CVE-2024-1669: Out of bounds memory access in Blink.
  • CVE-2024-1670: Use after free in Mojo.
  • CVE-2024-1671: Inappropriate implementation in Site Isolation.
  • CVE-2024-1672: Inappropriate implementation in Content Security Policy.
  • CVE-2024-1673: Use after free in Accessibility.
  • CVE-2024-1674: Inappropriate implementation in Navigation.
  • CVE-2024-1675: Insufficient policy enforcement in Download.
  • CVE-2024-1676: Inappropriate implementation in Navigation.
  • Type Confusion in V8

Список пакетов

SUSE Package Hub 15 SP5
chromedriver-122.0.6261.128-bp155.2.75.1
chromium-122.0.6261.128-bp155.2.75.1
clang17-17.0.6-bp155.2.2
clang17-devel-17.0.6-bp155.2.2
clang17-doc-17.0.6-bp155.2.2
libLLVM17-17.0.6-bp155.2.2
libLLVM17-32bit-17.0.6-bp155.2.2
libLLVM17-64bit-17.0.6-bp155.2.2
libLTO17-17.0.6-bp155.2.2
libclang-cpp17-17.0.6-bp155.2.2
libclang-cpp17-32bit-17.0.6-bp155.2.2
libclang-cpp17-64bit-17.0.6-bp155.2.2
liblldb17-17.0.6-bp155.2.2
libomp17-devel-17.0.6-bp155.2.2
lld17-17.0.6-bp155.2.2
lldb17-17.0.6-bp155.2.2
lldb17-devel-17.0.6-bp155.2.2
llvm17-17.0.6-bp155.2.2
llvm17-devel-17.0.6-bp155.2.2
llvm17-doc-17.0.6-bp155.2.2
llvm17-gold-17.0.6-bp155.2.2
llvm17-libc++-devel-17.0.6-bp155.2.2
llvm17-libc++1-17.0.6-bp155.2.2
llvm17-libc++abi-devel-17.0.6-bp155.2.2
llvm17-libc++abi1-17.0.6-bp155.2.2
llvm17-libclang13-17.0.6-bp155.2.2
llvm17-opt-viewer-17.0.6-bp155.2.2
llvm17-polly-17.0.6-bp155.2.2
llvm17-polly-devel-17.0.6-bp155.2.2
llvm17-vim-plugins-17.0.6-bp155.2.2
python3-clang17-17.0.6-bp155.2.2
python3-lldb17-17.0.6-bp155.2.2
openSUSE Leap 15.5
chromedriver-122.0.6261.128-bp155.2.75.1
chromium-122.0.6261.128-bp155.2.75.1
clang17-17.0.6-bp155.2.2
clang17-devel-17.0.6-bp155.2.2
clang17-doc-17.0.6-bp155.2.2
libLLVM17-17.0.6-bp155.2.2
libLLVM17-32bit-17.0.6-bp155.2.2
libLLVM17-64bit-17.0.6-bp155.2.2
libLTO17-17.0.6-bp155.2.2
libclang-cpp17-17.0.6-bp155.2.2
libclang-cpp17-32bit-17.0.6-bp155.2.2
libclang-cpp17-64bit-17.0.6-bp155.2.2
liblldb17-17.0.6-bp155.2.2
libomp17-devel-17.0.6-bp155.2.2
lld17-17.0.6-bp155.2.2
lldb17-17.0.6-bp155.2.2
lldb17-devel-17.0.6-bp155.2.2
llvm17-17.0.6-bp155.2.2
llvm17-devel-17.0.6-bp155.2.2
llvm17-doc-17.0.6-bp155.2.2
llvm17-gold-17.0.6-bp155.2.2
llvm17-libc++-devel-17.0.6-bp155.2.2
llvm17-libc++1-17.0.6-bp155.2.2
llvm17-libc++abi-devel-17.0.6-bp155.2.2
llvm17-libc++abi1-17.0.6-bp155.2.2
llvm17-libclang13-17.0.6-bp155.2.2
llvm17-opt-viewer-17.0.6-bp155.2.2
llvm17-polly-17.0.6-bp155.2.2
llvm17-polly-devel-17.0.6-bp155.2.2
llvm17-vim-plugins-17.0.6-bp155.2.2
python3-clang17-17.0.6-bp155.2.2
python3-lldb17-17.0.6-bp155.2.2

Ссылки

Описание

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки

Описание

Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Package Hub 15 SP5:chromedriver-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:chromium-122.0.6261.128-bp155.2.75.1
SUSE Package Hub 15 SP5:clang17-17.0.6-bp155.2.2
SUSE Package Hub 15 SP5:clang17-devel-17.0.6-bp155.2.2
Ссылки
Уязвимость openSUSE-SU-2024:0084-1