Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

openSUSE: 2023:0117-1 Important: Chromium Issues Resolved

opensuse
Calendar Grey May 31, 2023
Dist Opensuse Esm H88
The latest update for openSUSE tackles 16 identified issues in Chromium, providing significant enhancements for users.
An update that fixes 16 vulnerabilities is now available

Description

This update for chromium fixes the following issues:

- build with llvm15 on Leap

- Chromium 113.0.5672.126 (boo#1211442):

* CVE-2023-2721: Use after free in Navigation

* CVE-2023-2722: Use after free in Autofill UI

* CVE-2023-2723: Use after free in DevTools

* CVE-2023-2724: Type Confusion in V8

* CVE-2023-2725: Use after free in Guest View

* CVE-2023-2726: Inappropriate implementation in WebApp Installs

* Various fixes from internal audits, fuzzing and other initiatives

- Chromium 113.0.5672.92 (boo#1211211)

- Multiple security fixes (boo#1211036):

* CVE-2023-2459: Inappropriate implementation in Prompts

* CVE-2023-2460: Insufficient validation of untrusted input in Extensions

* CVE-2023-2461: Use after free in OS Inputs

* CVE-2023-2462: Inappropriate implementation in Prompts

* CVE-2023-2463: Inappropriate implementation in Full Screen Mode

* CVE-2023-2464: Inappropriate implementation in...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-117=1

Package List

- openSUSE Backports SLE-15-SP4 (x86_64):

chromedriver-113.0.5672.126-bp154.2.87.1

chromium-113.0.5672.126-bp154.2.87.1

References

https://www.suse.com/security/cve/CVE-2023-2459.html

https://www.suse.com/security/cve/CVE-2023-2460.html

https://www.suse.com/security/cve/CVE-2023-2461.html

https://www.suse.com/security/cve/CVE-2023-2462.html

https://www.suse.com/security/cve/CVE-2023-2463.html

https://www.suse.com/security/cve/CVE-2023-2464.html

https://www.suse.com/security/cve/CVE-2023-2465.html

https://www.suse.com/security/cve/CVE-2023-2466.html

https://www.suse.com/security/cve/CVE-2023-2467.html

https://www.suse.com/security/cve/CVE-2023-2468.html

https://www.suse.com/security/cve/CVE-2023-2721.html

https://www.suse.com/security/cve/CVE-2023-2722.html

https://www.suse.com/security/cve/CVE-2023-2723.html

https://www.suse.com/security/cve/CVE-2023-2724.html

https://www.suse.com/security/cve/CVE-2023-2725.html

https://www.suse.com/security/cve/CVE-2023-2726.html

https://bugzilla.suse.com/1211036

https://bugzilla.suse.com/1211211

https://bugzilla.suse.com/1211442

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2023:0117-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP4 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.