Description
Security update for chromium
This update for chromium fixes the following issues:
Chromium 130.0.6723.58 (boo#1231694)
- CVE-2024-9954: Use after free in AI
- CVE-2024-9955: Use after free in Web Authentication
- CVE-2024-9956: Inappropriate implementation in Web Authentication
- CVE-2024-9957: Use after free in UI
- CVE-2024-9958: Inappropriate implementation in PictureInPicture
- CVE-2024-9959: Use after free in DevTools
- CVE-2024-9960: Use after free in Dawn
- CVE-2024-9961: Use after free in Parcel Tracking
- CVE-2024-9962: Inappropriate implementation in Permissions
- CVE-2024-9963: Insufficient data validation in Downloads
- CVE-2024-9964: Inappropriate implementation in Payments
- CVE-2024-9965: Insufficient data validation in DevTools
- CVE-2024-9966: Inappropriate implementation in Navigations
Package list
SUSE Package Hub 15 SP5
SUSE Package Hub 15 SP6
openSUSE Leap 15.5
openSUSE Leap 15.6
References
- E-Mail link for openSUSE-SU-2024:0337-1
- SUSE Security Ratings
- SUSE Bug 1231694
- SUSE CVE CVE-2024-9954 page
- SUSE CVE CVE-2024-9955 page
- SUSE CVE CVE-2024-9956 page
- SUSE CVE CVE-2024-9957 page
- SUSE CVE CVE-2024-9958 page
- SUSE CVE CVE-2024-9959 page
- SUSE CVE CVE-2024-9960 page
- SUSE CVE CVE-2024-9961 page
- SUSE CVE CVE-2024-9962 page
- SUSE CVE CVE-2024-9963 page
- SUSE CVE CVE-2024-9964 page
- SUSE CVE CVE-2024-9965 page
- SUSE CVE CVE-2024-9966 page
Description
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2024-9954
- SUSE Bug 1231694
Description
Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2024-9955
- SUSE Bug 1231694
Description
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2024-9956
- SUSE Bug 1231694
Description
Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2024-9957
- SUSE Bug 1231694
Description
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2024-9958
- SUSE Bug 1231694
Description
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Affected products
References
- CVE-2024-9959
- SUSE Bug 1231694
Description
Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2024-9960
- SUSE Bug 1231694
Description
Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2024-9961
- SUSE Bug 1231694
Description
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2024-9962
- SUSE Bug 1231694
Description
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2024-9963
- SUSE Bug 1231694
Description
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Affected products
References
- CVE-2024-9964
- SUSE Bug 1231694
Description
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2024-9965
- SUSE Bug 1231694
Description
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Affected products
References
- CVE-2024-9966
- SUSE Bug 1231694