Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 126.0.6478.182 (boo#1227979):
- CVE-2024-6772: Inappropriate implementation in V8
- CVE-2024-6773: Type Confusion in V8
- CVE-2024-6774: Use after free in Screen Capture
- CVE-2024-6775: Use after free in Media Stream
- CVE-2024-6776: Use after free in Audio
- CVE-2024-6777: Use after free in Navigation
- CVE-2024-6778: Race in DevTools
- CVE-2024-6779: Out of bounds memory access in V8
Список пакетов
SUSE Package Hub 15 SP5
SUSE Package Hub 15 SP6
openSUSE Leap 15.5
openSUSE Leap 15.6
Ссылки
- E-Mail link for openSUSE-SU-2024:0212-1
- SUSE Security Ratings
- SUSE Bug 1227979
- SUSE CVE CVE-2024-6772 page
- SUSE CVE CVE-2024-6773 page
- SUSE CVE CVE-2024-6774 page
- SUSE CVE CVE-2024-6775 page
- SUSE CVE CVE-2024-6776 page
- SUSE CVE CVE-2024-6777 page
- SUSE CVE CVE-2024-6778 page
- SUSE CVE CVE-2024-6779 page
Описание
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6772
- SUSE Bug 1227979
Описание
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6773
- SUSE Bug 1227979
Описание
Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6774
- SUSE Bug 1227979
Описание
Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6775
- SUSE Bug 1227979
Описание
Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6776
- SUSE Bug 1227979
Описание
Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6777
- SUSE Bug 1227979
Описание
Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6778
- SUSE Bug 1227979
Описание
Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-6779
- SUSE Bug 1227979