Bug 1214301

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 116.0.5845.96
Product: [openSUSE] openSUSE Distribution Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium CC: Andreas.Stieger, carlos.lopez, gmbr3, m.szczepaniak.000
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2023-08-15 17:16:05 UTC 
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

CVE-2023-2312: Use after free in Offline
CVE-2023-4349: Use after free in Device Trust Connectors
CVE-2023-4350: Inappropriate implementation in Fullscreen
CVE-2023-4351: Use after free in Network
CVE-2023-4352: Type Confusion in V8
CVE-2023-4353: Heap buffer overflow in ANGLE
CVE-2023-4354: Heap buffer overflow in Skia
CVE-2023-4355: Out of bounds memory access in V8
CVE-2023-4356: Use after free in Audio
CVE-2023-4357: Insufficient validation of untrusted input in XML
CVE-2023-4358: Use after free in DNS
CVE-2023-4359: Inappropriate implementation in App Launcher
CVE-2023-4360: Inappropriate implementation in Color
CVE-2023-4361: Inappropriate implementation in Autofill
CVE-2023-4362: Heap buffer overflow in Mojom IDL
CVE-2023-4363: Inappropriate implementation in WebShare
CVE-2023-4364: Inappropriate implementation in Permission Prompts
CVE-2023-4365: Inappropriate implementation in Fullscreen
CVE-2023-4366: Use after free in Extensions
CVE-2023-4367: Insufficient policy enforcement in Extensions API
CVE-2023-4368: Insufficient policy enforcement in Extensions API
Comment 1 Andreas Stieger 2023-08-15 17:22:11 UTC 
submitted
Comment 2 OBSbugzilla Bot 2023-08-15 18:05:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1214301) was mentioned in
https://build.opensuse.org/request/show/1104075 Factory / chromium
https://build.opensuse.org/request/show/1104076 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / chromium
Comment 3 Carlos López 2023-08-16 07:53:29 UTC 
*** Bug 1214318 has been marked as a duplicate of this bug. ***
Comment 4 OBSbugzilla Bot 2023-08-16 10:15:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1214301) was mentioned in
https://build.opensuse.org/request/show/1104146 Factory / ungoogled-chromium
Comment 5 Marcus Meissner 2023-08-21 13:05:54 UTC 
openSUSE-SU-2023:0234-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1214003,1214301
CVE References: CVE-2023-2312,CVE-2023-4349,CVE-2023-4350,CVE-2023-4351,CVE-2023-4352,CVE-2023-4353,CVE-2023-4354,CVE-2023-4355,CVE-2023-4356,CVE-2023-4357,CVE-2023-4358,CVE-2023-4359,CVE-2023-4360,CVE-2023-4361,CVE-2023-4362,CVE-2023-4363,CVE-2023-4364,CVE-2023-4365,CVE-2023-4366,CVE-2023-4367,CVE-2023-4368
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-116.0.5845.96-bp155.2.19.1
openSUSE Backports SLE-15-SP4 (src):    chromium-116.0.5845.96-bp154.2.105.1
Comment 6 Andreas Stieger 2023-08-22 05:53:25 UTC 
Done