Bug ID 1222707
Summary VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.122
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Major
Priority P5 - None
Component Security
Assignee Andreas.Stieger@gmx.de
Reporter thomas.leroy@suse.com
QA Contact security-team@suse.de
CC m.szczepaniak.000@gmail.com
Target Milestone ---
Found By ---
Blocker --- 

The Stable channel has been updated to 123.0.6312.122/.123 for Windows
123.0.6312.122/.123/.124 for Mac and 123.0.6312.122 to Linux which will roll
out over the coming days/weeks. A full list of changes in this build is
available in the Log


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority
of users are updated with a fix. We will also retain restrictions if the bug
exists in a third party library that other projects similarly depend on, but
haven’t yet fixed.

This update includes 3 security fixes. Below, we highlight fixes that were
contributed by external researchers. Please see the Chrome Security Page for
more information.

High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on
2024-03-26
High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham
and Toan (suto) Pham of Qrious Secure on 2024-03-09
High CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz on 2024-03-25

https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html

You are receiving this mail because: