Bug 1222260 (CVE-2024-3156, CVE-2024-3158, CVE-2024-3159)

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.105
Product: [openSUSE] openSUSE Distribution
Reporter: Alexander Bergmann <abergmann>
Component: Security
Assignee: Callum Farmer <gmbr3>
Status: RESOLVED DUPLICATE
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: abergmann, Andreas.Stieger, code, m.szczepaniak.000, rfrohl, roger.whittaker
Version: Leap 15.5
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/400098/
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Alexander Bergmann 2024-04-03 07:19:55 UTC
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html

Stable Channel Update for Desktop
Tuesday, April 2, 2024

The Stable channel has been updated to 123.0.6312.105/.106/.107 for Windows and Mac and 123.0.6312.105 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8


For detailed information, please look into the official Chrome release announcement.
Comment 1 Benjamin Greiner 2024-04-17 08:52:46 UTC
Duplicate is not the same version but same problem

*** This bug has been marked as a duplicate of bug 1222707 ***
Comment 2 OBSbugzilla Bot 2024-05-11 05:35:05 UTC
This is an autogenerated message for OBS integration:
This bug (1222260) was mentioned in
https://build.opensuse.org/request/show/1173380 Factory / chromium
Comment 3 OBSbugzilla Bot 2024-05-11 06:15:04 UTC
This is an autogenerated message for OBS integration:
This bug (1222260) was mentioned in
https://build.opensuse.org/request/show/1173381 Backports:SLE-15-SP5 / chromium
Comment 4 Marcus Meissner 2024-05-13 04:05:02 UTC
openSUSE-SU-2024:0123-1: An update that fixes 35 vulnerabilities is now available.

Category: security (important)
Bug References: 1221732,1222035,1222260,1222707,1222958,1223845,1223846,1224045
CVE References: CVE-2024-2625,CVE-2024-2626,CVE-2024-2627,CVE-2024-2628,CVE-2024-2883,CVE-2024-2885,CVE-2024-2886,CVE-2024-2887,CVE-2024-3156,CVE-2024-3157,CVE-2024-3158,CVE-2024-3159,CVE-2024-3515,CVE-2024-3516,CVE-2024-3832,CVE-2024-3833,CVE-2024-3834,CVE-2024-3837,CVE-2024-3838,CVE-2024-3839,CVE-2024-3840,CVE-2024-3841,CVE-2024-3843,CVE-2024-3844,CVE-2024-3845,CVE-2024-3846,CVE-2024-3847,CVE-2024-4058,CVE-2024-4059,CVE-2024-4060,CVE-2024-4331,CVE-2024-4368,CVE-2024-4558,CVE-2024-4559,CVE-2024-4671
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-124.0.6367.201-bp155.2.78.1