openSUSE-SU-2023:0234-1: important: Security update for chromium
openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0234-1
Rating:             important
References:         #1214003 #1214301
Cross-References:   CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351
                    CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355
                    CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359
                    CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 CVE-2023-4363
                    CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367
                    CVE-2023-4368
Affected Products:
                    openSUSE Backports SLE-15-SP4
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

An update that fixes 21 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 116.0.5845.96

* New CSS features: Motion Path, and "display" and "content-visibility" animations
* Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/forward cache NotRestoredReason API, Document Picture-in-Picture, Expanded Wildcards in Permissions Policy Origins, FedCM bundle: Login Hint API, User Info API, and RP Context API, Non-composed Mouse and Pointer enter/leave events, Remove document.open sandbox inheritance, Report Critical-CH caused restart in NavigationTiming

This update fixes a number of security issues (boo#1214301):

* CVE-2023-2312: Use after free in Offline
* CVE-2023-4349: Use after free in Device Trust Connectors
* CVE-2023-4350: Inappropriate implementation in Fullscreen
* CVE-2023-4351: Use after free in Network
* CVE-2023-4352: Type Confusion in V8
* CVE-2023-4353: Heap buffer overflow in ANGLE
* CVE-2023-4354: Heap buffer overflow in Skia
* CVE-2023-4355: Out of bounds memory access in V8
* CVE-2023-4356: Use after free in Audio
* CVE-2023-4357: Insufficient validation of untrusted input in XML
* CVE-2023-4358: Use after free in DNS
* CVE-2023-4359: Inappropriate implementation in App Launcher
* CVE-2023-4360: Inappropriate implementation in Color
* CVE-2023-4361: Inappropriate implementation in Autofill
* CVE-2023-4362: Heap buffer overflow in Mojom IDL
* CVE-2023-4363: Inappropriate implementation in WebShare
* CVE-2023-4364: Inappropriate implementation in Permission Prompts
* CVE-2023-4365: Inappropriate implementation in Fullscreen
* CVE-2023-4366: Use after free in Extensions
* CVE-2023-4367: Insufficient policy enforcement in Extensions API
* CVE-2023-4368: Insufficient policy enforcement in Extensions API

- Fix crash with extensions (boo#1214003)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

      zypper in -t patch openSUSE-2023-234=1

- openSUSE Backports SLE-15-SP4:

      zypper in -t patch openSUSE-2023-234=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):

      chromedriver-116.0.5845.96-bp155.2.19.1
      chromedriver-debuginfo-116.0.5845.96-bp155.2.19.1
      chromium-116.0.5845.96-bp155.2.19.1
      chromium-debuginfo-116.0.5845.96-bp155.2.19.1

- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):

      chromedriver-116.0.5845.96-bp154.2.105.1
      chromium-116.0.5845.96-bp154.2.105.1

References:

https://www.suse.com/security/cve/CVE-2023-2312.html
https://www.suse.com/security/cve/CVE-2023-4349.html
https://www.suse.com/security/cve/CVE-2023-4350.html
https://www.suse.com/security/cve/CVE-2023-4351.html
https://www.suse.com/security/cve/CVE-2023-4352.html
https://www.suse.com/security/cve/CVE-2023-4353.html
https://www.suse.com/security/cve/CVE-2023-4354.html
https://www.suse.com/security/cve/CVE-2023-4355.html
https://www.suse.com/security/cve/CVE-2023-4356.html
https://www.suse.com/security/cve/CVE-2023-4357.html
https://www.suse.com/security/cve/CVE-2023-4358.html
https://www.suse.com/security/cve/CVE-2023-4359.html
https://www.suse.com/security/cve/CVE-2023-4360.html
https://www.suse.com/security/cve/CVE-2023-4361.html
https://www.suse.com/security/cve/CVE-2023-4362.html
https://www.suse.com/security/cve/CVE-2023-4363.html
https://www.suse.com/security/cve/CVE-2023-4364.html
https://www.suse.com/security/cve/CVE-2023-4365.html
https://www.suse.com/security/cve/CVE-2023-4366.html
https://www.suse.com/security/cve/CVE-2023-4367.html
https://www.suse.com/security/cve/CVE-2023-4368.html
https://bugzilla.suse.com/1214003
https://bugzilla.suse.com/1214301
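As an added example (not part of the openSUSE advisory): a Python check that classifies `rpm -q` output against the fixed builds in the package list above, for confirming that hosts received the update. The sample lines are constructed, the status labels are this example's own, and the comparison is a simplified form of RPM's version ordering (no epoch, tilde or caret handling).

```python
import re

# Fixed builds, copied from the advisory's package list.
FIXED = {
    "bp155": "116.0.5845.96-bp155.2.19.1",   # openSUSE Backports SLE-15-SP5
    "bp154": "116.0.5845.96-bp154.2.105.1",  # openSUSE Backports SLE-15-SP4
}
PACKAGES = ("chromium", "chromedriver")

def rpm_cmp(a, b):
    """Simplified rpmvercmp: compare digit/letter segments left to right."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 105 > 99
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks letters
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare VERSION-RELEASE strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpm_cmp(va, vb) or rpm_cmp(ra, rb)

# Input: lines from  rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' chromium chromedriver
def audit(lines):
    results = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2 or parts[0] not in PACKAGES:
            continue                         # e.g. "package ... is not installed"
        name, evr = parts
        m = re.search(r"-(bp\d+)\.", evr)    # release prefix selects the product
        fixed = FIXED.get(m.group(1)) if m else None
        status = ("unknown-product" if fixed is None else
                  "fixed" if evr_cmp(evr, fixed) >= 0 else "needs-update")
        results.append((name, evr, status))
    return results

# Constructed sample input, not taken from a real host.
SAMPLE = [
    "chromium 115.0.5790.170-bp155.2.16.1",
    "chromedriver 116.0.5845.96-bp155.2.19.1",
    "chromium 116.0.5845.96-bp154.2.105.1",
    "package chromedriver is not installed",
]
```

`audit(SAMPLE)` returns one `(name, version-release, status)` tuple per installed package; a release prefix other than `bp154` or `bp155` is reported as `unknown-product` rather than guessed.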