SUSE Package Hub - openSUSE-2023-277

Update Info

openSUSE-2023-277

Security update for chromium

Type: security

Severity: critical

Issued: 2023-09-29

Description:

This update for chromium fixes the following issues:

- Chromium 117.0.5938.132 (boo#1215776):
  * CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778)
  * CVE-2023-5186: Use after free in Passwords
  * CVE-2023-5187: Use after free in Extensions

- Chromium 117.0.5938.92:
  * stability improvements

References

CVE: CVE-2023-5217
CVE: CVE-2023-5187
CVE: CVE-2023-5186
Bugzilla: 1215778 VUL-0: CVE-2023-5217: libvpx: Heap buffer overflow in vp8 encoding in libvpx
Bugzilla: 1215776 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 117.0.5938.132

Packages

chromium-117.0.5938.132-bp155.2.40.1