Bug 1218719

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 120.0.6099.216
Product: [openSUSE] openSUSE Tumbleweed Reporter: Thomas Leroy <thomas.leroy>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: Andreas.Stieger, gmbr3, m.szczepaniak.000
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Leroy 2024-01-11 09:34:42 UTC 
The Stable channel has been updated to 120.0.6099.216 for Mac,Linux and 120.0.6099.216/217 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

- CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg

References:
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
Comment 1 OBSbugzilla Bot 2024-01-12 15:35:08 UTC 
This is an autogenerated message for OBS integration:
This bug (1218719) was mentioned in
https://build.opensuse.org/request/show/1138331 Factory / chromium
Comment 2 OBSbugzilla Bot 2024-01-12 21:35:08 UTC 
This is an autogenerated message for OBS integration:
This bug (1218719) was mentioned in
https://build.opensuse.org/request/show/1138394 Factory / chromium
Comment 3 OBSbugzilla Bot 2024-01-13 15:35:11 UTC 
This is an autogenerated message for OBS integration:
This bug (1218719) was mentioned in
https://build.opensuse.org/request/show/1138475 Factory / chromium
Comment 4 Michał Szczepaniak 2024-01-14 08:56:40 UTC 
@Andreas.Stieger@gmx.de Would you mind giving me a hand with ungoogled-chromium?
Comment 5 OBSbugzilla Bot 2024-01-14 09:45:09 UTC 
This is an autogenerated message for OBS integration:
This bug (1218719) was mentioned in
https://build.opensuse.org/request/show/1138548 Backports:SLE-15-SP5 / chromium
Comment 6 Andreas Stieger 2024-01-14 10:19:27 UTC 
(In reply to Michał Szczepaniak from comment #4)
> Would you mind giving me a hand with ungoogled-chromium?

Sure, it's done.
Comment 7 OBSbugzilla Bot 2024-01-14 11:35:09 UTC 
This is an autogenerated message for OBS integration:
This bug (1218719) was mentioned in
https://build.opensuse.org/request/show/1138553 Factory / ungoogled-chromium
Comment 8 OBSbugzilla Bot 2024-01-14 13:45:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1218719) was mentioned in
https://build.opensuse.org/request/show/1138570 Backports:SLE-15-SP5 / chromium
Comment 9 OBSbugzilla Bot 2024-01-14 15:35:10 UTC 
This is an autogenerated message for OBS integration:
This bug (1218719) was mentioned in
https://build.opensuse.org/request/show/1138578 Factory / ungoogled-chromium
Comment 10 Marcus Meissner 2024-01-16 11:05:14 UTC 
openSUSE-SU-2024:0020-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1217839,1218048,1218302,1218303,1218533,1218719
CVE References: CVE-2023-6508,CVE-2023-6509,CVE-2023-6510,CVE-2023-6511,CVE-2023-6512,CVE-2023-6702,CVE-2023-6703,CVE-2023-6704,CVE-2023-6705,CVE-2023-6706,CVE-2023-6707,CVE-2023-7024,CVE-2024-0222,CVE-2024-0223,CVE-2024-0224,CVE-2024-0225,CVE-2024-0333
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-120.0.6099.216-bp155.2.64.1
Comment 11 Andreas Stieger 2024-01-16 11:44:42 UTC 
done