Bug 1217839

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 120.0.6099.62
Product: [openSUSE] openSUSE Distribution
Reporter: Alexander Bergmann <abergmann>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: abergmann, Andreas.Stieger, gabriele.sonnu, gmbr3, m.szczepaniak.000
Version: Leap 15.5
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/387191/
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2023-12-06 07:55:53 UTC
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html

Chrome 120.0.6099.62 (Linux and Mac), 120.0.6099.62/.63 (Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 120.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 10 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

- CVE-2023-6508: Use after free in Media Stream.
- CVE-2023-6509: Use after free in Side Panel Search.
- CVE-2023-6510: Use after free in Media Capture.
- CVE-2023-6511: Inappropriate implementation in Autofill.
- CVE-2023-6512: Inappropriate implementation in Web Browser UI.

Comment 1 Andreas Stieger 2023-12-06 15:31:47 UTC
I won't have time until next week - there is some incomplete work on network:chromium/chromium-beta. Callum?
Comment 2 Callum Farmer 2023-12-14 13:14:56 UTC
on it
Comment 3 OBSbugzilla Bot 2024-01-12 15:35:02 UTC
This is an autogenerated message for OBS integration:
This bug (1217839) was mentioned in
https://build.opensuse.org/request/show/1138331 Factory / chromium
Comment 4 OBSbugzilla Bot 2024-01-12 21:35:02 UTC
This is an autogenerated message for OBS integration:
This bug (1217839) was mentioned in
https://build.opensuse.org/request/show/1138394 Factory / chromium
Comment 5 OBSbugzilla Bot 2024-01-13 15:35:02 UTC
This is an autogenerated message for OBS integration:
This bug (1217839) was mentioned in
https://build.opensuse.org/request/show/1138475 Factory / chromium
Comment 6 OBSbugzilla Bot 2024-01-14 09:45:02 UTC
This is an autogenerated message for OBS integration:
This bug (1217839) was mentioned in
https://build.opensuse.org/request/show/1138548 Backports:SLE-15-SP5 / chromium
Comment 7 OBSbugzilla Bot 2024-01-14 11:35:02 UTC
This is an autogenerated message for OBS integration:
This bug (1217839) was mentioned in
https://build.opensuse.org/request/show/1138553 Factory / ungoogled-chromium
Comment 8 OBSbugzilla Bot 2024-01-14 13:45:02 UTC
This is an autogenerated message for OBS integration:
This bug (1217839) was mentioned in
https://build.opensuse.org/request/show/1138570 Backports:SLE-15-SP5 / chromium
Comment 9 OBSbugzilla Bot 2024-01-14 15:35:03 UTC
This is an autogenerated message for OBS integration:
This bug (1217839) was mentioned in
https://build.opensuse.org/request/show/1138578 Factory / ungoogled-chromium
Comment 10 Marcus Meissner 2024-01-16 11:05:00 UTC
openSUSE-SU-2024:0020-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1217839,1218048,1218302,1218303,1218533,1218719
CVE References: CVE-2023-6508,CVE-2023-6509,CVE-2023-6510,CVE-2023-6511,CVE-2023-6512,CVE-2023-6702,CVE-2023-6703,CVE-2023-6704,CVE-2023-6705,CVE-2023-6706,CVE-2023-6707,CVE-2023-7024,CVE-2024-0222,CVE-2024-0223,CVE-2024-0224,CVE-2024-0225,CVE-2024-0333
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-120.0.6099.216-bp155.2.64.1
Comment 11 Andreas Stieger 2024-01-16 11:44:42 UTC
done