[Bug 1210126] New: VUL-0: chromium: multiple security issues fixed in 112.0.5615.49
http://bugzilla.opensuse.org/show_bug.cgi?id=1210126

Bug ID: 1210126
Summary: VUL-0: chromium: multiple security issues fixed in 112.0.5615.49
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: gmbr3@opensuse.org
Reporter: Andreas.Stieger@gmx.de
QA Contact: security-team@suse.de
Found By: ---
Blocker: ---

https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desk...

Fixed in Chromium 112.0.5615.49:

CVE-2023-1810: Heap buffer overflow in Visuals
CVE-2023-1811: Use after free in Frames
CVE-2023-1812: Out of bounds memory access in DOM Bindings
CVE-2023-1813: Inappropriate implementation in Extensions
CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing
CVE-2023-1815: Use after free in Networking APIs
CVE-2023-1816: Incorrect security UI in Picture In Picture
CVE-2023-1817: Insufficient policy enforcement in Intents
CVE-2023-1818: Use after free in Vulkan
CVE-2023-1819: Out of bounds read in Accessibility
CVE-2023-1820: Heap buffer overflow in Browser History
CVE-2023-1821: Inappropriate implementation in WebShare
CVE-2023-1822: Incorrect security UI in Navigation
CVE-2023-1823: Inappropriate implementation in FedCM

Various fixes from internal audits, fuzzing and other initiatives

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c1

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
The bump is ready in network:chromium/chromium-beta but I could only get it to work on TW. Callum, do you have ideas for the failures seen on 15.4 and 15.5? They do not make sense to me at all.

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c3

--- Comment #3 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Just saw that and put a 112.0.5615.49 into network:chromium/chromium (with the same failures as -beta) - otherwise holding off for now.

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c4

--- Comment #4 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1210126) was mentioned in
https://build.opensuse.org/request/show/1077628 Factory / chromium

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c5

--- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Can't figure out the Leap failures at all

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c7

--- Comment #7 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Created attachment 866188
  --> http://bugzilla.opensuse.org/attachment.cgi?id=866188&action=edit
chromium-112-feed_protos.patch

Patch at https://src.fedoraproject.org/rpms/chromium/blob/rawhide/f/chromium-112-feed... seems to address this

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c8

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

    What |Removed            |Added
----------------------------------------------------------------------------
      CC |                   |gmbr3@opensuse.org
Assignee |gmbr3@opensuse.org |security-team@suse.de

--- Comment #8 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
That seemed to have worked.

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c9

--- Comment #9 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1210126) was mentioned in
https://build.opensuse.org/request/show/1077870 Backports:SLE-15-SP4 / chromium

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c10

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

    What |Removed               |Added
----------------------------------------------------------------------------
Assignee |security-team@suse.de |gmbr3@opensuse.org

--- Comment #10 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Leap 15.4:

[ 6611s] ../components/password_manager/core/browser/affiliation/affiliation_fetcher_base.cc:182:6: error: equality comparison operator can only be defaulted in a class definition
[ 6611s] bool operator==(const AffiliationFetcherInterface::RequestInfo& lhs,
[ 6611s]      ^
[ 6611s] 1 error generated.

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c12

--- Comment #12 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1210126) was mentioned in
https://build.opensuse.org/request/show/1077913 Backports:SLE-15-SP5 / chromium

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c13

--- Comment #13 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Right.

Breaking change:
https://chromium-review.googlesource.com/c/chromium/src/+/4239546/16/compone...

Related C++ spec:
https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2020/p2085r0.html

LLVM: https://reviews.llvm.org/D103929

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c14

--- Comment #14 from Aaron Puchert <aaronpuchert@alice-dsl.net> ---
(In reply to Callum Farmer from comment #11)
> Looks like C++20 incompatibility. Needs a newer Clang hence why it passes on 15.5.

Not sure if I can send a newer LLVM via maintenance request. If this is the only error, maybe you can just move the declaration into the class in a patch? That might of course create problems if certain headers aren't included where the class is defined, but maybe not.

(In reply to Andreas Stieger from comment #13)
> Breaking change:
> https://chromium-review.googlesource.com/c/chromium/src/+/4239546/16/components/password_manager/core/browser/affiliation/affiliation_fetcher_base.cc#183
> Related C++ spec:
> https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2020/p2085r0.html

Interestingly that paper "[retains] the restriction that [defaulted comparisons] be declared in the relevant class to avoid encouraging clients to add to a class's interface (and to avoid questions of access)." But in that change, there is no declaration in the class, only afterwards.

(In reply to Andreas Stieger from comment #13)

Seems that https://reviews.llvm.org/D104478 eventually did it.
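
The workaround suggested in comment #14, moving the defaulted comparison into the class definition, sketched as an added example (not code from Chromium or from anyone in this thread). `RequestInfo` here is a stand-in with assumed field names, and `same_request` is a hypothetical helper.

```cpp
#include <tuple>

// Hypothetical stand-in for AffiliationFetcherInterface::RequestInfo.
// The field names are assumptions, not taken from the Chromium source.
struct RequestInfo {
  bool branding_info = false;
  bool change_password_info = false;

#if defined(__cpp_impl_three_way_comparison)
  // C++20: the comparison is defaulted inside the class definition, which is
  // the placement the Leap 15.4 diagnostic asks for.
  friend bool operator==(const RequestInfo&, const RequestInfo&) = default;
#else
  // Pre-C++20 fallback: write the memberwise comparison out by hand.
  friend bool operator==(const RequestInfo& lhs, const RequestInfo& rhs) {
    return std::tie(lhs.branding_info, lhs.change_password_info) ==
           std::tie(rhs.branding_info, rhs.change_password_info);
  }
#endif
};

// The placement that produced "equality comparison operator can only be
// defaulted in a class definition" in the build log is a default at
// namespace scope, after the class:
//
//   bool operator==(const RequestInfo& lhs, const RequestInfo& rhs) = default;
//
// It is left as a comment so that this file builds on older compilers too.

// Hypothetical helper so the comparison can be exercised by callers.
bool same_request(const RequestInfo& a, const RequestInfo& b) {
  return a == b;
}

int main() {
  RequestInfo a;
  RequestInfo b;
  b.change_password_info = true;
  // Exit status 0 when the two differing requests compare unequal.
  return same_request(a, b) ? 1 : 0;
}
```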

http://bugzilla.opensuse.org/show_bug.cgi?id=1210126#c15

--- Comment #15 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Another change that breaks on the Leap 15.4 LLVM:
https://chromium.googlesource.com/chromium/src/+/b411fe63751d34b98d377e6dc46...