[Bug 1222035] New: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.86
https://bugzilla.suse.com/show_bug.cgi?id=1222035 Bug ID: 1222035 Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.86 Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: andrea.mattiazzo@suse.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- The Stable channel has been updated to 123.0.6312.86 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards This update includes 7 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03 [328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11 [330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21 [330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21 As usual, our ongoing internal security work was responsible for a wide range of fixes: [331221727] Various fixes from internal audits, fuzzing and other initiatives Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1222035
Andrea Mattiazzo
https://bugzilla.suse.com/show_bug.cgi?id=1222035
Andrea Mattiazzo
https://bugzilla.suse.com/show_bug.cgi?id=1222035
Andrea Mattiazzo
https://bugzilla.suse.com/show_bug.cgi?id=1222035
Maintenance Automation
https://bugzilla.suse.com/show_bug.cgi?id=1222035
https://bugzilla.suse.com/show_bug.cgi?id=1222035#c4
--- Comment #4 from Marcus Meissner
participants (1)
-
bugzilla_noreply@suse.com