openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0093-1 Rating: important References: #1210618 Cross-References: CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium 112.0.5615.165 (boo#1210618): * CVE-2023-2133: Out of bounds memory access in Service Worker API * CVE-2023-2134: Out of bounds memory access in Service Worker API * CVE-2023-2135: Use after free in DevTools * CVE-2023-2136: Integer overflow in Skia * CVE-2023-2137: Heap buffer overflow in sqlite Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-93=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 x86_64): chromedriver-112.0.5615.165-bp154.2.84.1 chromedriver-debuginfo-112.0.5615.165-bp154.2.84.1 chromium-112.0.5615.165-bp154.2.84.1 chromium-debuginfo-112.0.5615.165-bp154.2.84.1 References: https://www.suse.com/security/cve/CVE-2023-2133.html https://www.suse.com/security/cve/CVE-2023-2134.html https://www.suse.com/security/cve/CVE-2023-2135.html https://www.suse.com/security/cve/CVE-2023-2136.html https://www.suse.com/security/cve/CVE-2023-2137.html https://bugzilla.suse.com/1210618