openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0234-1
Rating:             important
References:         #1214003 #1214301 
Cross-References:   CVE-2023-2312 CVE-2023-4349 CVE-2023-4350
                    CVE-2023-4351 CVE-2023-4352 CVE-2023-4353
                    CVE-2023-4354 CVE-2023-4355 CVE-2023-4356
                    CVE-2023-4357 CVE-2023-4358 CVE-2023-4359
                    CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
                    CVE-2023-4363 CVE-2023-4364 CVE-2023-4365
                    CVE-2023-4366 CVE-2023-4367 CVE-2023-4368
                   
Affected Products:
                    openSUSE Backports SLE-15-SP4
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

   An update that fixes 21 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   Chromium 116.0.5845.96

   * New CSS features: Motion Path, and "display" and "content-visibility"
     animations
   * Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/ forward cache
     NotRestoredReason API, Document Picture-in- Picture, Expanded Wildcards
     in Permissions Policy Origins, FedCM bundle: Login Hint API, User Info
     API, and RP Context API, Non-composed Mouse and Pointer enter/leave
     events, Remove document.open sandbox inheritance, Report Critical-CH
     caused restart in NavigationTiming

   This update fixes a number of security issues (boo#1214301):

     * CVE-2023-2312: Use after free in Offline
     * CVE-2023-4349: Use after free in Device Trust Connectors
     * CVE-2023-4350: Inappropriate implementation in Fullscreen
     * CVE-2023-4351: Use after free in Network
     * CVE-2023-4352: Type Confusion in V8
     * CVE-2023-4353: Heap buffer overflow in ANGLE
     * CVE-2023-4354: Heap buffer overflow in Skia
     * CVE-2023-4355: Out of bounds memory access in V8
     * CVE-2023-4356: Use after free in Audio
     * CVE-2023-4357: Insufficient validation of untrusted input in XML
     * CVE-2023-4358: Use after free in DNS
     * CVE-2023-4359: Inappropriate implementation in App Launcher
     * CVE-2023-4360: Inappropriate implementation in Color
     * CVE-2023-4361: Inappropriate implementation in Autofill
     * CVE-2023-4362: Heap buffer overflow in Mojom IDL
     * CVE-2023-4363: Inappropriate implementation in WebShare
     * CVE-2023-4364: Inappropriate implementation in Permission Prompts
     * CVE-2023-4365: Inappropriate implementation in Fullscreen
     * CVE-2023-4366: Use after free in Extensions
     * CVE-2023-4367: Insufficient policy enforcement in Extensions API
     * CVE-2023-4368: Insufficient policy enforcement in Extensions API

   - Fix crash with extensions (boo#1214003)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP5:

      zypper in -t patch openSUSE-2023-234=1

   - openSUSE Backports SLE-15-SP4:

      zypper in -t patch openSUSE-2023-234=1



Package List:

   - openSUSE Backports SLE-15-SP5 (aarch64 x86_64):

      chromedriver-116.0.5845.96-bp155.2.19.1
      chromedriver-debuginfo-116.0.5845.96-bp155.2.19.1
      chromium-116.0.5845.96-bp155.2.19.1
      chromium-debuginfo-116.0.5845.96-bp155.2.19.1

   - openSUSE Backports SLE-15-SP4 (aarch64 x86_64):

      chromedriver-116.0.5845.96-bp154.2.105.1
      chromium-116.0.5845.96-bp154.2.105.1


References:

   https://www.suse.com/security/cve/CVE-2023-2312.html
   https://www.suse.com/security/cve/CVE-2023-4349.html
   https://www.suse.com/security/cve/CVE-2023-4350.html
   https://www.suse.com/security/cve/CVE-2023-4351.html
   https://www.suse.com/security/cve/CVE-2023-4352.html
   https://www.suse.com/security/cve/CVE-2023-4353.html
   https://www.suse.com/security/cve/CVE-2023-4354.html
   https://www.suse.com/security/cve/CVE-2023-4355.html
   https://www.suse.com/security/cve/CVE-2023-4356.html
   https://www.suse.com/security/cve/CVE-2023-4357.html
   https://www.suse.com/security/cve/CVE-2023-4358.html
   https://www.suse.com/security/cve/CVE-2023-4359.html
   https://www.suse.com/security/cve/CVE-2023-4360.html
   https://www.suse.com/security/cve/CVE-2023-4361.html
   https://www.suse.com/security/cve/CVE-2023-4362.html
   https://www.suse.com/security/cve/CVE-2023-4363.html
   https://www.suse.com/security/cve/CVE-2023-4364.html
   https://www.suse.com/security/cve/CVE-2023-4365.html
   https://www.suse.com/security/cve/CVE-2023-4366.html
   https://www.suse.com/security/cve/CVE-2023-4367.html
   https://www.suse.com/security/cve/CVE-2023-4368.html
   https://bugzilla.suse.com/1214003
   https://bugzilla.suse.com/1214301

openSUSE: 2023:0234-1 important: chromium

August 21, 2023
An update that fixes 21 vulnerabilities is now available

Description

This update for chromium fixes the following issues: Chromium 116.0.5845.96 * New CSS features: Motion Path, and "display" and "content-visibility" animations * Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/ forward cache NotRestoredReason API, Document Picture-in- Picture, Expanded Wildcards in Permissions Policy Origins, FedCM bundle: Login Hint API, User Info API, and RP Context API, Non-composed Mouse and Pointer enter/leave events, Remove document.open sandbox inheritance, Report Critical-CH caused restart in NavigationTiming This update fixes a number of security issues (boo#1214301): * CVE-2023-2312: Use after free in Offline * CVE-2023-4349: Use after free in Device Trust Connectors * CVE-2023-4350: Inappropriate implementation in Fullscreen * CVE-2023-4351: Use after free in Network * CVE-2023-4352: Type Confusion in V8 * CVE-2023-4353: Heap buffer overflow in ANGLE * CVE-2023-4354: Heap buffer overflow in Skia * CVE-2023-4355: Out of bounds memory access in V8 * CVE-2023-4356: Use after free in Audio * CVE-2023-4357: Insufficient validation of untrusted input in XML * CVE-2023-4358: Use after free in DNS * CVE-2023-4359: Inappropriate implementation in App Launcher * CVE-2023-4360: Inappropriate implementation in Color * CVE-2023-4361: Inappropriate implementation in Autofill * CVE-2023-4362: Heap buffer overflow in Mojom IDL * CVE-2023-4363: Inappropriate implementation in WebShare * CVE-2023-4364: Inappropriate implementation in Permission Prompts * CVE-2023-4365: Inappropriate implementation in Fullscreen * CVE-2023-4366: Use after free in Extensions * CVE-2023-4367: Insufficient policy enforcement in Extensions API * CVE-2023-4368: Insufficient policy enforcement in Extensions API - Fix crash with extensions (boo#1214003)

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2023-234=1 - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-234=1


Package List

- openSUSE Backports SLE-15-SP5 (aarch64 x86_64): chromedriver-116.0.5845.96-bp155.2.19.1 chromedriver-debuginfo-116.0.5845.96-bp155.2.19.1 chromium-116.0.5845.96-bp155.2.19.1 chromium-debuginfo-116.0.5845.96-bp155.2.19.1 - openSUSE Backports SLE-15-SP4 (aarch64 x86_64): chromedriver-116.0.5845.96-bp154.2.105.1 chromium-116.0.5845.96-bp154.2.105.1


References

https://www.suse.com/security/cve/CVE-2023-2312.html https://www.suse.com/security/cve/CVE-2023-4349.html https://www.suse.com/security/cve/CVE-2023-4350.html https://www.suse.com/security/cve/CVE-2023-4351.html https://www.suse.com/security/cve/CVE-2023-4352.html https://www.suse.com/security/cve/CVE-2023-4353.html https://www.suse.com/security/cve/CVE-2023-4354.html https://www.suse.com/security/cve/CVE-2023-4355.html https://www.suse.com/security/cve/CVE-2023-4356.html https://www.suse.com/security/cve/CVE-2023-4357.html https://www.suse.com/security/cve/CVE-2023-4358.html https://www.suse.com/security/cve/CVE-2023-4359.html https://www.suse.com/security/cve/CVE-2023-4360.html https://www.suse.com/security/cve/CVE-2023-4361.html https://www.suse.com/security/cve/CVE-2023-4362.html https://www.suse.com/security/cve/CVE-2023-4363.html https://www.suse.com/security/cve/CVE-2023-4364.html https://www.suse.com/security/cve/CVE-2023-4365.html https://www.suse.com/security/cve/CVE-2023-4366.html https://www.suse.com/security/cve/CVE-2023-4367.html https://www.suse.com/security/cve/CVE-2023-4368.html https://bugzilla.suse.com/1214003 https://bugzilla.suse.com/1214301


Severity
Announcement ID: openSUSE-SU-2023:0234-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP4 openSUSE Backports SLE-15-SP5 .

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo