Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

openSUSE: 2024:0026-1 Critical: chromium memory vulnerabilities

opensuse
Calendar Grey January 19, 2024
Dist Opensuse Esm H88
Addresses major security flaws in Chromium through update openSUSE-SU-2024:0035-1. This includes comprehensive details on the patch implementation process.
An update that fixes three vulnerabilities is now available

Description

This update for chromium fixes the following issues:

Update to 120.0.6099.224 (boo#1218892):

- CVE-2024-0517: Out of bounds write in V8

- CVE-2024-0518: Type Confusion in V8

- CVE-2024-0519: Out of bounds memory access in V8

- Various fixes from internal audits, fuzzing and other initiatives

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-25=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):

chromedriver-120.0.6099.224-bp155.2.67.1

chromium-120.0.6099.224-bp155.2.67.1

References

https://www.suse.com/security/cve/CVE-2024-0517.html

https://www.suse.com/security/cve/CVE-2024-0518.html

https://www.suse.com/security/cve/CVE-2024-0519.html

https://bugzilla.suse.com/1218892

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2024:0025-1
Rating: critical
Affected Products: openSUSE Backports SLE-15-SP5 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here