Bug 1218533

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 120.0.6099.199
Product: [openSUSE] openSUSE Distribution
Reporter: Alexander Bergmann <abergmann>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Major
Priority: P3 - Medium
CC: abergmann, Andreas.Stieger, brunopitrus, gmbr3, m.szczepaniak.000
Version: Leap 15.5
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2024-01-04 07:33:32 UTC
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html

Stable Channel Update for Desktop
Wednesday, January 3, 2024

The Stable channel has been updated to 120.0.6099.199 for Mac, Linux and 120.0.6099.199/200 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes:
High: CVE-2024-0222: Use after free in ANGLE.
High: CVE-2024-0223: Heap buffer overflow in ANGLE.
High: CVE-2024-0224: Use after free in WebAudio.
High: CVE-2024-0225: Use after free in WebGPU.
Comment 2 Callum Farmer 2024-01-08 14:12:30 UTC
Still pending clang/libstdc++ fixes before 120 will be rolled out
Comment 3 Bruno Pitrus 2024-01-10 20:29:50 UTC
@gmbr3@opensuse.org: I maintain electron and a major blocker for electron 28 (which includes chromium 120) is this: https://bugs.chromium.org/p/v8/issues/detail?id=14449
Comment 4 OBSbugzilla Bot 2024-01-12 15:35:05 UTC
This is an autogenerated message for OBS integration:
This bug (1218533) was mentioned in
https://build.opensuse.org/request/show/1138331 Factory / chromium
Comment 5 OBSbugzilla Bot 2024-01-12 21:35:07 UTC
This is an autogenerated message for OBS integration:
This bug (1218533) was mentioned in
https://build.opensuse.org/request/show/1138394 Factory / chromium
Comment 6 OBSbugzilla Bot 2024-01-13 15:35:09 UTC
This is an autogenerated message for OBS integration:
This bug (1218533) was mentioned in
https://build.opensuse.org/request/show/1138475 Factory / chromium
Comment 7 OBSbugzilla Bot 2024-01-14 09:45:08 UTC
This is an autogenerated message for OBS integration:
This bug (1218533) was mentioned in
https://build.opensuse.org/request/show/1138548 Backports:SLE-15-SP5 / chromium
Comment 8 OBSbugzilla Bot 2024-01-14 11:35:08 UTC
This is an autogenerated message for OBS integration:
This bug (1218533) was mentioned in
https://build.opensuse.org/request/show/1138553 Factory / ungoogled-chromium
Comment 9 OBSbugzilla Bot 2024-01-14 13:45:06 UTC
This is an autogenerated message for OBS integration:
This bug (1218533) was mentioned in
https://build.opensuse.org/request/show/1138570 Backports:SLE-15-SP5 / chromium
Comment 10 OBSbugzilla Bot 2024-01-14 15:35:09 UTC
This is an autogenerated message for OBS integration:
This bug (1218533) was mentioned in
https://build.opensuse.org/request/show/1138578 Factory / ungoogled-chromium
Comment 11 Marcus Meissner 2024-01-16 11:05:10 UTC
openSUSE-SU-2024:0020-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1217839,1218048,1218302,1218303,1218533,1218719
CVE References: CVE-2023-6508,CVE-2023-6509,CVE-2023-6510,CVE-2023-6511,CVE-2023-6512,CVE-2023-6702,CVE-2023-6703,CVE-2023-6704,CVE-2023-6705,CVE-2023-6706,CVE-2023-6707,CVE-2023-7024,CVE-2024-0222,CVE-2024-0223,CVE-2024-0224,CVE-2024-0225,CVE-2024-0333
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-120.0.6099.216-bp155.2.64.1
Comment 12 Andreas Stieger 2024-01-16 11:44:42 UTC
done