SUSE Package Hub - openSUSE-2023-387

Update Info

openSUSE-2023-387

Security update for chromium

Type: security

Severity: important

Issued: 2023-11-30

Description:

This update for Chromium fixes the following issue:

Chromium 119.0.6045.199 (boo#1217616)

* CVE-2023-6348: Type Confusion in Spellcheck
* CVE-2023-6347: Use after free in Mojo
* CVE-2023-6346: Use after free in WebAudio
* CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614)
* CVE-2023-6351: Use after free in libavif (boo#1217615)
* CVE-2023-6345: Integer overflow in Skia
* Various fixes from internal audits, fuzzing and other initiatives.

References

CVE: CVE-2023-6351
CVE: CVE-2023-6350
CVE: CVE-2023-6348
CVE: CVE-2023-6347
CVE: CVE-2023-6346
CVE: CVE-2023-6345
Bugzilla: 1217616 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 119.0.6045.199
Bugzilla: 1217615 VUL-0: CVE-2023-6351: libavif,chromium,ungoogled-chromium: use-after-free in colorProperties
Bugzilla: 1217614 VUL-0: CVE-2023-6350: libavif,chromium,ungoogled-chromium: Out of bounds memory to alphaItemIndices

Packages

chromium-119.0.6045.199-bp155.2.61.1