Bug ID: 1222035
Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.86
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.5
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: andrea.mattiazzo@suse.com
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

The Stable channel has been updated to 123.0.6312.86 for Linux which will roll
out over the coming days/weeks. A full list of changes in this build is
available in the Log.

Security Fixes and Rewards

This update includes 7 security fixes. Below, we highlight fixes that were
contributed by external researchers. Please see the Chrome Security Page for
more information.

[327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by
Cassidy Kim (@cassidy6564) on 2024-03-03

[328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on
2024-03-11

[330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by
Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21

[330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by
Manfred Paul, via Pwn2Own 2024 on 2024-03-21

As usual, our ongoing internal security work was responsible for a wide range
of fixes:

[331221727] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer,
UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

