SUSE Package Hub - openSUSE-2024-123

Update Info

openSUSE-2024-123

Security update for chromium

Type: security

Severity: important

Issued: 2024-05-13

Description:

RETRACTED: This update for chromium fixes the following issues:
NOTE: This update was retracted due to massive stability issues.

- Chromium 124.0.6367.201
  * CVE-2024-4671: Use after free in Visuals

- Chromium 124.0.6367.155 (boo#1224045)
  * CVE-2024-4558: Use after free in ANGLE
  * CVE-2024-4559: Heap buffer overflow in WebAudio

- Chromium 124.0.6367.118 (boo#1223846)
  * CVE-2024-4331: Use after free in Picture In Picture
  * CVE-2024-4368: Use after free in Dawn

- Chromium 124.0.6367.78 (boo#1223845)
  * CVE-2024-4058: Type Confusion in ANGLE
  * CVE-2024-4059: Out of bounds read in V8 API
  * CVE-2024-4060: Use after free in Dawn

- Chromium 124.0.6367.60 (boo#1222958)
  * CVE-2024-3832: Object corruption in V8.
  * CVE-2024-3833: Object corruption in WebAssembly.
  * CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
  * CVE-2024-3837: Use after free in QUIC.
  * CVE-2024-3838: Inappropriate implementation in Autofill.
  * CVE-2024-3839: Out of bounds read in Fonts.
  * CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
  * CVE-2024-3841: Insufficient data validation in Browser Switcher.
  * CVE-2024-3843: Insufficient data validation in Downloads.
  * CVE-2024-3844: Inappropriate implementation in Extensions.
  * CVE-2024-3845: Inappropriate implementation in Network.
  * CVE-2024-3846: Inappropriate implementation in Prompts.
  * CVE-2024-3847: Insufficient policy enforcement in WebUI.

- Chromium 123.0.6312.122 (boo#1222707)
  * CVE-2024-3157: Out of bounds write in Compositing
  * CVE-2024-3516: Heap buffer overflow in ANGLE
  * CVE-2024-3515: Use after free in Dawn

- Chromium 123.0.6312.105 (boo#1222260)
  * CVE-2024-3156: Inappropriate implementation in V8
  * CVE-2024-3158: Use after free in Bookmarks
  * CVE-2024-3159: Out of bounds memory access in V8

- Chromium 123.0.6312.86 (boo#1222035)
  * CVE-2024-2883: Use after free in ANGLE
  * CVE-2024-2885: Use after free in Dawn
  * CVE-2024-2886: Use after free in WebCodecs
  * CVE-2024-2887: Type Confusion in WebAssembly

- Chromium 123.0.6312.58 (boo#1221732)
  * CVE-2024-2625: Object lifecycle issue in V8
  * CVE-2024-2626: Out of bounds read in Swiftshader
  * CVE-2024-2627: Use after free in Canvas
  * CVE-2024-2628: Inappropriate implementation in Downloads

References

CVE: CVE-2024-4671
CVE: CVE-2024-4559
CVE: CVE-2024-4558
CVE: CVE-2024-4368
CVE: CVE-2024-4331
CVE: CVE-2024-4060
CVE: CVE-2024-4059
CVE: CVE-2024-4058
CVE: CVE-2024-3847
CVE: CVE-2024-3846
CVE: CVE-2024-3845
CVE: CVE-2024-3844
CVE: CVE-2024-3843
CVE: CVE-2024-3841
CVE: CVE-2024-3840
CVE: CVE-2024-3839
CVE: CVE-2024-3838
CVE: CVE-2024-3837
CVE: CVE-2024-3834
CVE: CVE-2024-3833
CVE: CVE-2024-3832
CVE: CVE-2024-3516
CVE: CVE-2024-3515
CVE: CVE-2024-3159
CVE: CVE-2024-3158
CVE: CVE-2024-3157
CVE: CVE-2024-3156
CVE: CVE-2024-2887
CVE: CVE-2024-2886
CVE: CVE-2024-2885
CVE: CVE-2024-2883
CVE: CVE-2024-2628
CVE: CVE-2024-2627
CVE: CVE-2024-2626
CVE: CVE-2024-2625
Bugzilla: 1224045 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 124.0.6367.155
Bugzilla: 1223846 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 124.0.6367.118
Bugzilla: 1223845 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 124.0.6367.78
Bugzilla: 1222958 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 124.0.6367.60
Bugzilla: 1222707 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.122
Bugzilla: 1222260 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.105
Bugzilla: 1222035 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.86
Bugzilla: 1221732 VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.58

Packages

chromium-124.0.6367.201-bp155.2.78.1