Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 125.0.6422.141 (boo#1225690)
- CVE-2024-5493: Heap buffer overflow in WebRTC
- CVE-2024-5494: Use after free in Dawn
- CVE-2024-5495: Use after free in Dawn
- CVE-2024-5496: Use after free in Media Session
- CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
- CVE-2024-5498: Use after free in Presentation API
- CVE-2024-5499: Out of bounds write in Streams API
Список пакетов
SUSE Package Hub 15 SP6
openSUSE Leap 15.6
Ссылки
- E-Mail link for openSUSE-SU-2024:0155-1
- SUSE Security Ratings
- SUSE Bug 1225690
- SUSE CVE CVE-2024-5493 page
- SUSE CVE CVE-2024-5494 page
- SUSE CVE CVE-2024-5495 page
- SUSE CVE CVE-2024-5496 page
- SUSE CVE CVE-2024-5497 page
- SUSE CVE CVE-2024-5498 page
- SUSE CVE CVE-2024-5499 page
Описание
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5493
- SUSE Bug 1225690
Описание
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5494
- SUSE Bug 1225690
Описание
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5495
- SUSE Bug 1225690
Описание
Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5496
- SUSE Bug 1225690
Описание
Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5497
- SUSE Bug 1225690
Описание
Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5498
- SUSE Bug 1225690
Описание
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5499
- SUSE Bug 1225690