Bug 1212302

Summary: VUL-0: chromium: multiple security issues fixed in 114.0.5735.133
Product: [openSUSE] openSUSE Distribution
Reporter: Andreas Stieger <Andreas.Stieger>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P3 - Medium
CC: Andreas.Stieger, gmbr3
Version: Leap 15.5
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Andreas Stieger 2023-06-13 18:25:57 UTC
Fixed in Chromium 114.0.5735.133

* CVE-2023-3214: Use after free in Autofill payments
* CVE-2023-3215: Use after free in WebRTC
* CVE-2023-3216: Type Confusion in V8
* CVE-2023-3217: Use after free in WebXR
* Various fixes from internal audits, fuzzing and other initiatives

https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html
Comment 1 Andreas Stieger 2023-06-14 05:52:18 UTC
submitted
Comment 2 OBSbugzilla Bot 2023-06-14 06:35:02 UTC
This is an autogenerated message for OBS integration:
This bug (1212302) was mentioned in
https://build.opensuse.org/request/show/1093012 Factory / chromium
https://build.opensuse.org/request/show/1093013 Backports:SLE-15-SP4 / chromium
https://build.opensuse.org/request/show/1093014 Backports:SLE-15-SP5 / chromium
Comment 3 Marcus Meissner 2023-06-16 13:05:27 UTC
openSUSE-SU-2023:0132-1: An update that fixes four vulnerabilities is now available.

Category: security (critical)
Bug References: 1212302
CVE References: CVE-2023-3214,CVE-2023-3215,CVE-2023-3216,CVE-2023-3217
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): chromium-114.0.5735.133-bp154.2.93.1
Comment 4 Andreas Stieger 2023-06-16 14:11:33 UTC
done. See bug 1212451 for the missing bug comment
Comment 5 Marcus Meissner 2023-06-16 14:45:27 UTC
openSUSE-SU-2023:0131-1: An update that fixes four vulnerabilities is now available.

Category: security (critical)
Bug References: 1212302
CVE References: CVE-2023-3214,CVE-2023-3215,CVE-2023-3216,CVE-2023-3217
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): chromium-114.0.5735.133-bp155.2.7.1
Comment 6 OBSbugzilla Bot 2023-06-18 13:15:05 UTC
This is an autogenerated message for OBS integration:
This bug (1212302) was mentioned in
https://build.opensuse.org/request/show/1093654 Factory / ungoogled-chromium