Bug 1213462

Summary: VUL-0: chromium: multiple security issues fixed in 115.0.5790.98
Product: [openSUSE] openSUSE Distribution
Reporter: Andreas Stieger <Andreas.Stieger>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: gmbr3, m.szczepaniak.000, meissner, rfrohl
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/372973/
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Andreas Stieger 2023-07-19 09:19:53 UTC
https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html

CVE-2023-3727: Use after free in WebRTC
CVE-2023-3728: Use after free in WebRTC
CVE-2023-3730: Use after free in Tab Groups
CVE-2023-3732: Out of bounds memory access in Mojo
CVE-2023-3733: Inappropriate implementation in WebApp Installs
CVE-2023-3734: Inappropriate implementation in Picture In Picture
CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts
CVE-2023-3736: Inappropriate implementation in Custom Tabs
CVE-2023-3737: Inappropriate implementation in Notifications
CVE-2023-3738: Inappropriate implementation in Autofill
CVE-2023-3740: Insufficient validation of untrusted input in Themes
Various fixes from internal audits, fuzzing and other initiatives
Comment 1 OBSbugzilla Bot 2023-07-19 10:15:02 UTC
This is an autogenerated message for OBS integration:
This bug (1213462) was mentioned in
https://build.opensuse.org/request/show/1099461 Factory / chromium
Comment 2 OBSbugzilla Bot 2023-07-19 10:55:02 UTC
This is an autogenerated message for OBS integration:
This bug (1213462) was mentioned in
https://build.opensuse.org/request/show/1099469 Factory / chromium
Comment 3 OBSbugzilla Bot 2023-07-19 18:35:02 UTC
This is an autogenerated message for OBS integration:
This bug (1213462) was mentioned in
https://build.opensuse.org/request/show/1099562 Factory / ungoogled-chromium
Comment 4 Andreas Stieger 2023-07-20 06:48:21 UTC
Calling, I added some patches for Leap but we are at the failure below. I’ll be out for a couple of days, maybe you can take a look?

[ 9886s] ld.lld: error: undefined symbol: re2::FilteredRE2::Add(std::basic_string_view<char, std::char_traits<char>>, re2::RE2::Options const&, int*)
[ 9886s] >>> referenced by regex_set_matcher.cc
[ 9886s] >>>               thinlto-cache/llvmcache-3DFFBF1D83512989193250B5712DC1EF17E4AD78:(url_matcher::RegexSetMatcher::RebuildMatcher())
[ 9886s] 
[ 9886s] ld.lld: error: undefined symbol: re2::FilteredRE2::AllMatches(std::basic_string_view<char, std::char_traits<char>>, std::vector<int, std::allocator<int>> const&, std::vector<int, std::allocator<int>>*) const
[ 9886s] >>> referenced by regex_set_matcher.cc
[ 9886s] >>>               thinlto-cache/llvmcache-3DFFBF1D83512989193250B5712DC1EF17E4AD78:(url_matcher::RegexSetMatcher::Match(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::set<unsigned long, std::less<unsigned long>, std::allocator<unsigned long>>*) const)
[ 9886s] clang++: error: linker command failed with exit code 1 (use -v to see invocation)
[ 9886s] ninja: build stopped: subcommand failed.
Comment 5 Andreas Stieger 2023-07-23 17:30:44 UTC
Submitted. Comment #4 relates to a failure with re2 2023-07-01.
Comment 6 OBSbugzilla Bot 2023-07-23 18:15:02 UTC
This is an autogenerated message for OBS integration:
This bug (1213462) was mentioned in
https://build.opensuse.org/request/show/1100189 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / chromium
Comment 7 Marcus Meissner 2023-07-26 19:05:38 UTC
openSUSE-SU-2023:0193-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1213462
CVE References: CVE-2023-3727,CVE-2023-3728,CVE-2023-3730,CVE-2023-3732,CVE-2023-3733,CVE-2023-3734,CVE-2023-3735,CVE-2023-3736,CVE-2023-3737,CVE-2023-3738,CVE-2023-3740
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-115.0.5790.102-bp155.2.13.1
openSUSE Backports SLE-15-SP4 (src):    chromium-115.0.5790.102-bp154.2.99.1
Comment 8 Andreas Stieger 2023-07-26 19:06:19 UTC
done