Bug 1224341 (CVE-2024-4947, CVE-2024-4948, CVE-2024-4949, CVE-2024-4950)

Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 125.0.6422.60
Product: [openSUSE] openSUSE Tumbleweed Reporter: Gianluca Gabrielli <gianluca.gabrielli>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium CC: Andreas.Stieger, gmbr3
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Gianluca Gabrielli 2024-05-16 07:34:25 UTC 
TBD][340221135] High CVE-2024-4947: Type Confusion in V8. Reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on 2024-05-13

[TBD][333414294] High CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09

[$7000][326607001] Medium CVE-2024-4949: Use after free in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-02-24

[$1000][40065403] Low CVE-2024-4950: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-06-06
Comment 2 OBSbugzilla Bot 2024-05-22 06:55:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1224341) was mentioned in
https://build.opensuse.org/request/show/1175672 Backports:SLE-15-SP5 / chromium
Comment 3 Marcus Meissner 2024-05-22 10:05:00 UTC 
openSUSE-SU-2024:0136-1: An update that fixes 5 vulnerabilities is now available.

Category: security (critical)
Bug References: 1224208,1224294,1224341
CVE References: CVE-2024-4761,CVE-2024-4947,CVE-2024-4948,CVE-2024-4949,CVE-2024-4950
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-125.0.6422.60-bp155.2.82.1
Comment 4 Andreas Stieger 2024-05-22 11:28:04 UTC 
done