Bug 1211843

Summary: VUL-0: chromium: multiple security issues fixed in 114.0.5735.90
Product: [openSUSE] openSUSE Distribution Reporter: Gabriele Sonnu <gabriele.sonnu>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: Andreas.Stieger, gmbr3, meissner, security-team, sndirsch
Version: Leap 15.4   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/367968/
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Gabriele Sonnu 2023-05-31 07:23:31 UTC 
Fixed in Chromium 114.0.5735.90:

- CVE-2023-2929: Out of bounds write in Swiftshader
- CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08
- CVE-2023-2931: Use after free in PDF
- CVE-2023-2932: Use after free in PDF
- CVE-2023-2933: Use after free in PDF
- CVE-2023-2934: Out of bounds memory access in Mojo
- CVE-2023-2935: Type Confusion in V8
- CVE-2023-2936: Type Confusion in V8
- CVE-2023-2937: Inappropriate implementation in Picture In Picture
- CVE-2023-2938: Inappropriate implementation in Picture In Picture
- CVE-2023-2939: Insufficient data validation in Installer
- CVE-2023-2940: Inappropriate implementation in Downloads
- CVE-2023-2941: Inappropriate implementation in Extensions API

https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
Comment 1 Andreas Stieger 2023-05-31 20:59:24 UTC 
https://build.opensuse.org/package/show/network:chromium/chromium-beta

[  289s] ERROR at //build/config/rust.gni:143:22: Script returned non-zero exit code.
[  289s]     rustc_revision = exec_script("//tools/rust/update_rust.py",
[  289s]                      ^----------
[  289s] Current dir: /home/abuild/rpmbuild/BUILD/chromium-114.0.5735.90/out/
[  289s] Command: python3 /home/abuild/rpmbuild/BUILD/chromium-114.0.5735.90/tools/rust/update_rust.py --print-package-version
[  289s] Returned 1 and printed out:
[  289s] 
[  289s] The expected Rust version is 17c11672167827b0dd92c88ef69f24346d1286dd-1-llvmorg-17-init-8029-g27f27d15-3 (or fallback 17c11672167827b0dd92c88ef69f24346d1286dd-1-llvmorg-17-init-8029-g27f27d15-1 but the actual version is None
[  289s] Did you run "gclient sync"?
[  289s] 
[  289s] See //BUILD.gn:17:1: whence it was imported.
[  289s] import("//build/config/rust.gni")
[  289s] ^-------------------------------
Comment 2 Callum Farmer 2023-06-04 10:49:06 UTC 
⚠️15.4 needs libva 2.14.0+ (currently 2.13.0)

15.5/TW ready soon
Comment 3 Callum Farmer 2023-06-04 19:14:36 UTC 
(In reply to Callum Farmer from comment #2)
> ⚠️15.4 needs libva 2.14.0+ (currently 2.13.0)
> 
> 15.5/TW ready soon

CC'ing libva maint
Comment 4 OBSbugzilla Bot 2023-06-04 20:35:14 UTC 
This is an autogenerated message for OBS integration:
This bug (1211843) was mentioned in
https://build.opensuse.org/request/show/1090770 Factory / chromium
https://build.opensuse.org/request/show/1090771 Backports:SLE-15-SP5 / chromium
Comment 5 Andreas Stieger 2023-06-05 20:22:17 UTC 
(In reply to Callum Farmer from comment #2)
> ⚠️15.4 needs libva 2.14.0+ (currently 2.13.0)

This seems relevant...
https://src.fedoraproject.org/rpms/chromium/blob/rawhide/f/chromium-114-revert-av1enc-el9.patch
Comment 6 OBSbugzilla Bot 2023-06-06 10:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1211843) was mentioned in
https://build.opensuse.org/request/show/1091054 Backports:SLE-15-SP5 / chromium
Comment 7 OBSbugzilla Bot 2023-06-06 20:35:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1211843) was mentioned in
https://build.opensuse.org/request/show/1091143 Backports:SLE-15-SP4 / chromium
Comment 8 Andreas Stieger 2023-06-07 04:06:43 UTC 
Submitted
Comment 9 Marcus Meissner 2023-06-09 16:05:31 UTC 
openSUSE-SU-2023:0124-1: An update that fixes 14 vulnerabilities is now available.\n\nCategory: security (important)\nBug References: 1211843,1212044\nCVE References: CVE-2023-2929,CVE-2023-2930,CVE-2023-2931,CVE-2023-2932,CVE-2023-2933,CVE-2023-2934,CVE-2023-2935,CVE-2023-2936,CVE-2023-2937,CVE-2023-2938,CVE-2023-2939,CVE-2023-2940,CVE-2023-2941,CVE-2023-3079\nJIRA References: \nSources used:\nopenSUSE Backports SLE-15-SP4 (src):    chromium-114.0.5735.106-bp154.2.90.1\n\n
Comment 10 Andreas Stieger 2023-06-09 17:54:27 UTC 
Done