Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933)
- CVE-2024-6290: Use after free in Dawn
- CVE-2024-6291: Use after free in Swiftshader
- CVE-2024-6292: Use after free in Dawn
- CVE-2024-6293: Use after free in Dawn
- CVE-2024-6100: Type Confusion in V8
- CVE-2024-6101: Inappropriate implementation in WebAssembly
- CVE-2024-6102: Out of bounds memory access in Dawn
- CVE-2024-6103: Use after free in Dawn
- CVE-2024-5830: Type Confusion in V8
- CVE-2024-5831: Use after free in Dawn
- CVE-2024-5832: Use after free in Dawn
- CVE-2024-5833: Type Confusion in V8
- CVE-2024-5834: Inappropriate implementation in Dawn
- CVE-2024-5835: Heap buffer overflow in Tab Groups
- CVE-2024-5836: Inappropriate Implementation in DevTools
- CVE-2024-5837: Type Confusion in V8
- CVE-2024-5838: Type Confusion in V8
- CVE-2024-5839: Inappropriate Implementation in Memory Allocator
- CVE-2024-5840: Policy Bypass in CORS
- CVE-2024-5841: Use after free in V8
- CVE-2024-5842: Use after free in Browser UI
- CVE-2024-5843: Inappropriate implementation in Downloads
- CVE-2024-5844: Heap buffer overflow in Tab Strip
- CVE-2024-5845: Use after free in Audio
- CVE-2024-5846: Use after free in PDFium
- CVE-2024-5847: Use after free in PDFium
- Amend fix_building_widevinecdm_with_chromium.patch to allow Widevine on ARM64 (boo#1226170)
Список пакетов
SUSE Package Hub 15 SP5
SUSE Package Hub 15 SP6
openSUSE Leap 15.5
openSUSE Leap 15.6
Ссылки
- E-Mail link for openSUSE-SU-2024:0204-1
- SUSE Security Ratings
- SUSE Bug 1226170
- SUSE Bug 1226205
- SUSE Bug 1226504
- SUSE Bug 1226933
- SUSE CVE CVE-2024-5830 page
- SUSE CVE CVE-2024-5831 page
- SUSE CVE CVE-2024-5832 page
- SUSE CVE CVE-2024-5833 page
- SUSE CVE CVE-2024-5834 page
- SUSE CVE CVE-2024-5835 page
- SUSE CVE CVE-2024-5836 page
- SUSE CVE CVE-2024-5837 page
- SUSE CVE CVE-2024-5838 page
- SUSE CVE CVE-2024-5839 page
- SUSE CVE CVE-2024-5840 page
- SUSE CVE CVE-2024-5841 page
- SUSE CVE CVE-2024-5842 page
- SUSE CVE CVE-2024-5843 page
Описание
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5830
- SUSE Bug 1226205
Описание
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5831
- SUSE Bug 1226205
Описание
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5832
- SUSE Bug 1226205
Описание
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5833
- SUSE Bug 1226205
Описание
Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5834
- SUSE Bug 1226205
Описание
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5835
- SUSE Bug 1226205
Описание
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5836
- SUSE Bug 1226205
Описание
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5837
- SUSE Bug 1226205
Описание
Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-5838
- SUSE Bug 1226205
Описание
Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-5839
- SUSE Bug 1226205
Описание
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-5840
- SUSE Bug 1226205
Описание
Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-5841
- SUSE Bug 1226205
Описание
Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-5842
- SUSE Bug 1226205
Описание
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-5843
- SUSE Bug 1226205
Описание
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-5844
- SUSE Bug 1226205
Описание
Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-5845
- SUSE Bug 1226205
Описание
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-5846
- SUSE Bug 1226205
Описание
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-5847
- SUSE Bug 1226205
Описание
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6100
- SUSE Bug 1226504
Описание
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6101
- SUSE Bug 1226504
Описание
Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6102
- SUSE Bug 1226504
Описание
Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6103
- SUSE Bug 1226504
Описание
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6290
- SUSE Bug 1226933
Описание
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6291
- SUSE Bug 1226933
Описание
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6292
- SUSE Bug 1226933
Описание
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6293
- SUSE Bug 1226933