Bug 1217616 (CVE-2023-6345)

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 119.0.6045.199
Product: [openSUSE] openSUSE Distribution Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P3 - Medium CC: gmbr3, m.szczepaniak.000, meissner
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
See Also: https://bugzilla.opensuse.org/show_bug.cgi?id=1217614
https://bugzilla.opensuse.org/show_bug.cgi?id=1217615
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2023-11-28 20:38:05 UTC 
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html

* CVE-2023-6348: Type Confusion in Spellcheck
* CVE-2023-6347: Use after free in Mojo
* CVE-2023-6346: Use after free in WebAudio
* CVE-2023-6350: Out of bounds memory access in libavif
  filed as bug 1217614 since this affects the system libavif
* CVE-2023-6351: Use after free in libavif
  filed as bug 1217615 since this affects the system libavif
* CVE-2023-6345: Integer overflow in Skia
* Various fixes from internal audits, fuzzing and other initiatives

> Google is aware that an exploit for CVE-2023-6345 exists in the wild.

This is https://crbug.com/1505053 
Rolled via: https://chromium.googlesource.com/chromium/src/+/baf84c2d246a45577b7ddd2b8d8d2e2cf36e12e2

Two commits:
https://skia.googlesource.com/skia.git/+/afefbf7cb3f3bf406aaa62dce04e8cac506cd8d8%5E%21/
https://skia.googlesource.com/skia.git/+/89907a0ce7c0c883898b8c88b55b7b7f733f7058%5E%21/
Comment 1 Andreas Stieger 2023-11-29 07:02:25 UTC 
Submitted, over to MichaƂ for ungoogled-chromium.
Comment 2 OBSbugzilla Bot 2023-11-29 08:15:07 UTC 
This is an autogenerated message for OBS integration:
This bug (1217616) was mentioned in
https://build.opensuse.org/request/show/1129722 Factory / chromium
https://build.opensuse.org/request/show/1129724 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / chromium
Comment 3 OBSbugzilla Bot 2023-11-30 10:15:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1217616) was mentioned in
https://build.opensuse.org/request/show/1129955 Factory / ungoogled-chromium
Comment 4 Marcus Meissner 2023-11-30 17:05:07 UTC 
openSUSE-SU-2023:0387-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1217614,1217615,1217616
CVE References: CVE-2023-6345,CVE-2023-6346,CVE-2023-6347,CVE-2023-6348,CVE-2023-6350,CVE-2023-6351
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-119.0.6045.199-bp155.2.61.1
openSUSE Backports SLE-15-SP4 (src):    chromium-119.0.6045.199-bp154.2.147.1
Comment 5 Andreas Stieger 2023-11-30 17:09:54 UTC 
done