Bug 1216111

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 118.0.5993.70
Product: [openSUSE] openSUSE Distribution Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P3 - Medium CC: gmbr3, m.szczepaniak.000, meissner, rfrohl
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/381513/
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2023-10-10 20:15:51 UTC 
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html

CVE-2023-5218: Use after free in Site Isolation
CVE-2023-5487: Inappropriate implementation in Fullscreen
CVE-2023-5484: Inappropriate implementation in Navigation
CVE-2023-5475: Inappropriate implementation in DevTools
CVE-2023-5483: Inappropriate implementation in Intents
CVE-2023-5481: Inappropriate implementation in Downloads
CVE-2023-5476: Use after free in Blink History
CVE-2023-5474: Heap buffer overflow in PDF
CVE-2023-5479: Inappropriate implementation in Extensions API
CVE-2023-5485: Inappropriate implementation in Autofill
CVE-2023-5478: Inappropriate implementation in Autofill
CVE-2023-5477: Inappropriate implementation in Installer
CVE-2023-5486: Inappropriate implementation in Input
CVE-2023-5473: Use after free in Cast
Comment 1 OBSbugzilla Bot 2023-10-11 08:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1216111) was mentioned in
https://build.opensuse.org/request/show/1116803 Factory / chromium
Comment 2 OBSbugzilla Bot 2023-10-12 10:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1216111) was mentioned in
https://build.opensuse.org/request/show/1117139 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / chromium
Comment 4 Marcus Meissner 2023-10-13 13:05:17 UTC 
openSUSE-SU-2023:0300-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1216111
CVE References: CVE-2023-5218,CVE-2023-5473,CVE-2023-5474,CVE-2023-5475,CVE-2023-5476,CVE-2023-5477,CVE-2023-5478,CVE-2023-5479,CVE-2023-5481,CVE-2023-5483,CVE-2023-5484,CVE-2023-5485,CVE-2023-5486,CVE-2023-5487
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-118.0.5993.70-bp155.2.46.1
openSUSE Backports SLE-15-SP4 (src):    chromium-118.0.5993.70-bp154.2.132.1
Comment 5 Andreas Stieger 2023-10-13 17:44:45 UTC 
https://build.opensuse.org/request/show/1117703
Comment 6 MichaƂ Szczepaniak 2023-10-13 18:03:30 UTC 
Thanks for help I've been busy