Update Info

openSUSE-2023-234


Security update for chromium


Type: security
Severity: important
Issued: 2023-08-21
Description:
This update for chromium fixes the following issues:

Chromium 116.0.5845.96

* New CSS features: Motion Path, and "display" and
  "content-visibility" animations
* Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/
  forward cache NotRestoredReason API, Document Picture-in-
  Picture, Expanded Wildcards in Permissions Policy Origins,
  FedCM bundle: Login Hint API, User Info API, and RP Context API,
  Non-composed Mouse and Pointer enter/leave events, 
  Remove document.open sandbox inheritance, 
  Report Critical-CH caused restart in NavigationTiming

This update fixes a number of security issues (boo#1214301):

  * CVE-2023-2312: Use after free in Offline
  * CVE-2023-4349: Use after free in Device Trust Connectors
  * CVE-2023-4350: Inappropriate implementation in Fullscreen
  * CVE-2023-4351: Use after free in Network
  * CVE-2023-4352: Type Confusion in V8
  * CVE-2023-4353: Heap buffer overflow in ANGLE
  * CVE-2023-4354: Heap buffer overflow in Skia
  * CVE-2023-4355: Out of bounds memory access in V8
  * CVE-2023-4356: Use after free in Audio
  * CVE-2023-4357: Insufficient validation of untrusted input in XML
  * CVE-2023-4358: Use after free in DNS
  * CVE-2023-4359: Inappropriate implementation in App Launcher
  * CVE-2023-4360: Inappropriate implementation in Color
  * CVE-2023-4361: Inappropriate implementation in Autofill
  * CVE-2023-4362: Heap buffer overflow in Mojom IDL
  * CVE-2023-4363: Inappropriate implementation in WebShare
  * CVE-2023-4364: Inappropriate implementation in Permission Prompts
  * CVE-2023-4365: Inappropriate implementation in Fullscreen
  * CVE-2023-4366: Use after free in Extensions
  * CVE-2023-4367: Insufficient policy enforcement in Extensions API
  * CVE-2023-4368: Insufficient policy enforcement in Extensions API

- Fix crash with extensions (boo#1214003)



              

Packages


  • chromium-116.0.5845.96-bp155.2.19.1