Bug 1218048

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 120.0.6099.109
Product: [openSUSE] openSUSE Distribution
Reporter: Andrea Mattiazzo <andrea.mattiazzo>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: aaronpuchert, andrea.mattiazzo, Andreas.Stieger, gmbr3, m.szczepaniak.000
Version: Leap 15.5
Target Milestone: ---
Hardware: Other
OS: Other

Description Andrea Mattiazzo 2023-12-14 10:22:13 UTC
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html

 The Stable channel has been updated to 120.0.6099.109 which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. 

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 9 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

- CVE-2023-6702: Type Confusion in V8.
- CVE-2023-6703: Use after free in Blink.
- CVE-2023-6704: Use after free in libavif.
- CVE-2023-6705: Use after free in WebRTC.
- CVE-2023-6706: Use after free in FedCM.
- CVE-2023-6707: Use after free in CSS.
Comment 1 Callum Farmer 2023-12-15 09:49:52 UTC
Build fail

[ 1670s] ../third_party/webrtc/modules/congestion_controller/goog_cc/loss_based_bwe_v2.cc:511:10: error: no matching member function for call to 'emplace'
[ 1670s]   511 |   config.emplace();
[ 1670s]       |   ~~~~~~~^~~~~~~
[ 1670s] /usr/bin/../lib64/gcc/x86_64-suse-linux/13/../../../../include/c++/13/optional:914:2: note: candidate template ignored: requirement 'is_constructible_v<webrtc::LossBasedBweV2::Config>' was not satisfied [with _Args = <>]
[ 1670s]   914 |         emplace(_Args&&... __args)
[ 1670s]       |         ^
[ 1670s] /usr/bin/../lib64/gcc/x86_64-suse-linux/13/../../../../include/c++/13/optional:926:2: note: candidate function template not viable: requires at least argument '__il', but no arguments were provided
[ 1670s]   926 |         emplace(initializer_list<_Up> __il, _Args&&... __args)
[ 1670s]       |         ^       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[ 1670s] 1 error generated.

Standardisation issue with Clang and libstdc++.
Looks like the only fix, based on other Chromium distributors, is to go libc++, which will break unbundling in its entirety. I have literally no other idea rn.

LLVM bug:
https://github.com/llvm/llvm-project/issues/50248
Comment 2 Aaron Puchert 2023-12-15 23:19:26 UTC
The error message looks like GCC to me, are you sure this is Clang-related? (Clang doesn't have line number margins by default, and I haven't seen it use brackets for instantiation arguments.)

My suggestion would be to provide more context (i.e. is there an accessible default constructor, or constructor with only default arguments?) and add the GCC maintainers instead.
Comment 3 Andreas Stieger 2023-12-21 07:58:10 UTC
Found https://github.com/mpromonet/webrtc-streamer/commit/971bb1cea6adc1f41459e5102f2cd07b88c28c5b patching config.emplace() to config.emplace(Config()). Trying this...
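
The change mentioned in Comment 3, reduced to a stand-alone case (an added example, not WebRTC or openSUSE package code; `Estimator`, its `Config` fields and `CreateConfig` are hypothetical names). It shows that `emplace(Config())` is constrained on constructing a `Config` from a `Config` rather than on the zero-argument `is_constructible_v<Config>` requirement quoted in the build log, and that the default member initializers still take effect.

```cpp
// Added illustration; Estimator, Config's fields and CreateConfig are
// hypothetical stand-ins shaped like the code named in the build log.
#include <optional>
#include <type_traits>

class Estimator {
 public:
  // Nested aggregate whose members carry default member initializers.
  struct Config {
    double rampup_factor = 1.5;
    int observation_window = 20;
    bool enabled = true;
  };

  static std::optional<Config> CreateConfig(bool feature_on, int window);
};

// Constraint checked by emplace(Config()): build a Config from a Config
// rvalue. emplace() with no arguments is instead constrained on
// is_constructible_v<Config>, the requirement the log reports as unsatisfied.
constexpr bool kWorkaroundConstraint =
    std::is_constructible_v<Estimator::Config, Estimator::Config>;
static_assert(kWorkaroundConstraint, "Config must be move-constructible");

std::optional<Estimator::Config> Estimator::CreateConfig(bool feature_on,
                                                         int window) {
  std::optional<Config> config;
  if (!feature_on) return config;  // stays disengaged

  // Workaround form: value-initialize a temporary, then move it in.
  config.emplace(Config());

  // Defaults are already in place; override only what the caller supplied.
  if (window > 0) config->observation_window = window;
  return config;
}

int main() {
  auto cfg = Estimator::CreateConfig(true, 64);
  bool ok = cfg && cfg->observation_window == 64 && cfg->rampup_factor == 1.5;
  return ok ? 0 : 1;
}
```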
Comment 4 OBSbugzilla Bot 2024-01-12 15:35:03 UTC
This is an autogenerated message for OBS integration:
This bug (1218048) was mentioned in
https://build.opensuse.org/request/show/1138331 Factory / chromium
Comment 5 OBSbugzilla Bot 2024-01-12 21:35:05 UTC
This is an autogenerated message for OBS integration:
This bug (1218048) was mentioned in
https://build.opensuse.org/request/show/1138394 Factory / chromium
Comment 6 OBSbugzilla Bot 2024-01-13 15:35:04 UTC
This is an autogenerated message for OBS integration:
This bug (1218048) was mentioned in
https://build.opensuse.org/request/show/1138475 Factory / chromium
Comment 7 OBSbugzilla Bot 2024-01-14 09:45:02 UTC
This is an autogenerated message for OBS integration:
This bug (1218048) was mentioned in
https://build.opensuse.org/request/show/1138548 Backports:SLE-15-SP5 / chromium
Comment 8 OBSbugzilla Bot 2024-01-14 11:35:05 UTC
This is an autogenerated message for OBS integration:
This bug (1218048) was mentioned in
https://build.opensuse.org/request/show/1138553 Factory / ungoogled-chromium
Comment 9 OBSbugzilla Bot 2024-01-14 13:45:04 UTC
This is an autogenerated message for OBS integration:
This bug (1218048) was mentioned in
https://build.opensuse.org/request/show/1138570 Backports:SLE-15-SP5 / chromium
Comment 10 OBSbugzilla Bot 2024-01-14 15:35:04 UTC
This is an autogenerated message for OBS integration:
This bug (1218048) was mentioned in
https://build.opensuse.org/request/show/1138578 Factory / ungoogled-chromium
Comment 11 Marcus Meissner 2024-01-16 11:05:02 UTC
openSUSE-SU-2024:0020-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1217839,1218048,1218302,1218303,1218533,1218719
CVE References: CVE-2023-6508,CVE-2023-6509,CVE-2023-6510,CVE-2023-6511,CVE-2023-6512,CVE-2023-6702,CVE-2023-6703,CVE-2023-6704,CVE-2023-6705,CVE-2023-6706,CVE-2023-6707,CVE-2023-7024,CVE-2024-0222,CVE-2024-0223,CVE-2024-0224,CVE-2024-0225,CVE-2024-0333
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-120.0.6099.216-bp155.2.64.1
Comment 12 Andreas Stieger 2024-01-16 11:44:41 UTC
done