[Bug 1222035] New: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.86
https://bugzilla.suse.com/show_bug.cgi?id=1222035 Bug ID: 1222035 Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.86 Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: andrea.mattiazzo@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- The Stable channel has been updated to 123.0.6312.86 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards This update includes 7 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03 [328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11 [330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21 [330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21 As usual, our ongoing internal security work was responsible for a wide range of fixes: [331221727] Various fixes from internal audits, fuzzing and other initiatives Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1222035 Andrea Mattiazzo <andrea.mattiazzo@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Andreas.Stieger@gmx.de, | |gmbr3@opensuse.org Alias| |CVE-2024-2883, | |CVE-2024-2885, | |CVE-2024-2886, | |CVE-2024-2887 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1222035 Andrea Mattiazzo <andrea.mattiazzo@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|qa-bugs@suse.de |security-team@suse.de Assignee|security-team@suse.de |m.szczepaniak.000@gmail.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1222035 Andrea Mattiazzo <andrea.mattiazzo@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andrea.mattiazzo@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1222035 Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1222035 https://bugzilla.suse.com/show_bug.cgi?id=1222035#c4 --- Comment #4 from Marcus Meissner <meissner@suse.com> --- openSUSE-SU-2024:0123-1: An update that fixes 35 vulnerabilities is now available. Category: security (important) Bug References: 1221732,1222035,1222260,1222707,1222958,1223845,1223846,1224045 CVE References: CVE-2024-2625,CVE-2024-2626,CVE-2024-2627,CVE-2024-2628,CVE-2024-2883,CVE-2024-2885,CVE-2024-2886,CVE-2024-2887,CVE-2024-3156,CVE-2024-3157,CVE-2024-3158,CVE-2024-3159,CVE-2024-3515,CVE-2024-3516,CVE-2024-3832,CVE-2024-3833,CVE-2024-3834,CVE-2024-3837,CVE-2024-3838,CVE-2024-3839,CVE-2024-3840,CVE-2024-3841,CVE-2024-3843,CVE-2024-3844,CVE-2024-3845,CVE-2024-3846,CVE-2024-3847,CVE-2024-4058,CVE-2024-4059,CVE-2024-4060,CVE-2024-4331,CVE-2024-4368,CVE-2024-4558,CVE-2024-4559,CVE-2024-4671 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): chromium-124.0.6367.201-bp155.2.78.1 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com