Bug 1221105

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 122.0.6261.111
Product: [openSUSE] openSUSE Distribution Reporter: Robert Frohl <rfrohl>
Component: SecurityAssignee: Callum Farmer <gmbr3>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium CC: Andreas.Stieger, m.szczepaniak.000
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Robert Frohl 2024-03-07 09:34:14 UTC 
The Stable channel has been updated to 122.0.6261.111/.112 for Windows and Mac and 122.0.6261.111 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the

High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19
High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19
High CVE-2024-2176: Use after free in FedCM. Reported by Anonymous on 2024-02-20

https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
Comment 1 OBSbugzilla Bot 2024-03-09 19:35:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1221105) was mentioned in
https://build.opensuse.org/request/show/1156639 Factory / chromium
Comment 2 OBSbugzilla Bot 2024-03-10 21:35:09 UTC 
This is an autogenerated message for OBS integration:
This bug (1221105) was mentioned in
https://build.opensuse.org/request/show/1156764 Factory / ungoogled-chromium
Comment 3 OBSbugzilla Bot 2024-03-12 09:55:50 UTC 
This is an autogenerated message for OBS integration:
This bug (1221105) was mentioned in
https://build.opensuse.org/request/show/1157120 Backports:SLE-15-SP5 / chromium
Comment 4 OBSbugzilla Bot 2024-03-13 13:35:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1221105) was mentioned in
https://build.opensuse.org/request/show/1157505 Backports:SLE-15-SP5 / chromium
Comment 5 Marcus Meissner 2024-03-18 10:57:37 UTC 
released
Comment 6 Marcus Meissner 2024-03-18 11:04:58 UTC 
openSUSE-SU-2024:0084-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1220131,1220604,1221105,1221335
CVE References: CVE-2024-1669,CVE-2024-1670,CVE-2024-1671,CVE-2024-1672,CVE-2024-1673,CVE-2024-1674,CVE-2024-1675,CVE-2024-1676,CVE-2024-2173,CVE-2024-2174,CVE-2024-2176,CVE-2024-2400
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-122.0.6261.128-bp155.2.75.1, llvm17-17.0.6-bp155.2.2