openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0136-1 Rating: critical References: #1224208 #1224294 #1224341 Cross-References: CVE-2024-4761 CVE-2024-4947 CVE-2024-4948 CVE-2024-4949 CVE-2024-4950 CVSS scores: CVE-2024-4761 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 125.0.6422.60 (boo#1224341) * CVE-2024-4947: Type Confusion in V8 * CVE-2024-4948: Use after free in Dawn * CVE-2024-4949: Use after free in V8 * CVE-2024-4950: Inappropriate implementation in Downloads - Chromium 125.0.6422.41 * New upstream (early) stable release. - Chromium 124.0.6367.207 (boo#1224294) * CVE-2024-4761: Out of bounds write in V8 - Chromium 124.0.6367.201 (boo#1224208) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-136=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 x86_64): chromedriver-125.0.6422.60-bp155.2.82.1 chromium-125.0.6422.60-bp155.2.82.1 References: https://www.suse.com/security/cve/CVE-2024-4761.html https://www.suse.com/security/cve/CVE-2024-4947.html https://www.suse.com/security/cve/CVE-2024-4948.html https://www.suse.com/security/cve/CVE-2024-4949.html https://www.suse.com/security/cve/CVE-2024-4950.html https://bugzilla.suse.com/1224208 https://bugzilla.suse.com/1224294 https://bugzilla.suse.com/1224341