Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 131.0.6778.69 (stable released 2024-11-12) (boo#1233311)
- CVE-2024-11110: Inappropriate implementation in Blink.
- CVE-2024-11111: Inappropriate implementation in Autofill.
- CVE-2024-11112: Use after free in Media.
- CVE-2024-11113: Use after free in Accessibility.
- CVE-2024-11114: Inappropriate implementation in Views.
- CVE-2024-11115: Insufficient policy enforcement in Navigation.
- CVE-2024-11116: Inappropriate implementation in Paint.
- CVE-2024-11117: Inappropriate implementation in FileSystem.
Список пакетов
SUSE Package Hub 15 SP6
openSUSE Leap 15.6
Ссылки
- E-Mail link for openSUSE-SU-2024:0374-1
- SUSE Security Ratings
- SUSE Bug 1233311
- SUSE CVE CVE-2024-11110 page
- SUSE CVE CVE-2024-11111 page
- SUSE CVE CVE-2024-11112 page
- SUSE CVE CVE-2024-11113 page
- SUSE CVE CVE-2024-11114 page
- SUSE CVE CVE-2024-11115 page
- SUSE CVE CVE-2024-11116 page
- SUSE CVE CVE-2024-11117 page
Описание
Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2024-11110
- SUSE Bug 1233311
Описание
Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-11111
- SUSE Bug 1233311
Описание
Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-11112
- SUSE Bug 1233311
Описание
Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-11113
- SUSE Bug 1233311
Описание
Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-11114
- SUSE Bug 1233311
Описание
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-11115
- SUSE Bug 1233311
Описание
Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2024-11116
- SUSE Bug 1233311
Описание
Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)
Затронутые продукты
Ссылки
- CVE-2024-11117
- SUSE Bug 1233311