Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 129.0.6668.58 (stable released 2024-09-17) (boo#1230678)
- CVE-2024-8904: Type Confusion in V8
- CVE-2024-8905: Inappropriate implementation in V8
- CVE-2024-8906: Incorrect security UI in Downloads
- CVE-2024-8907: Insufficient data validation in Omnibox
- CVE-2024-8908: Inappropriate implementation in Autofill
- CVE-2024-8909: Inappropriate implementation in UI
Список пакетов
SUSE Package Hub 15 SP6
openSUSE Leap 15.6
Ссылки
- E-Mail link for openSUSE-SU-2024:0311-1
- SUSE Security Ratings
- SUSE Bug 1230678
- SUSE CVE CVE-2024-8904 page
- SUSE CVE CVE-2024-8905 page
- SUSE CVE CVE-2024-8906 page
- SUSE CVE CVE-2024-8907 page
- SUSE CVE CVE-2024-8908 page
- SUSE CVE CVE-2024-8909 page
Описание
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-8904
- SUSE Bug 1230678
Описание
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-8905
- SUSE Bug 1230678
Описание
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-8906
- SUSE Bug 1230678
Описание
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-8907
- SUSE Bug 1230678
Описание
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Затронутые продукты
Ссылки
- CVE-2024-8908
- SUSE Bug 1230678
Описание
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Затронутые продукты
Ссылки
- CVE-2024-8909
- SUSE Bug 1230678