Bug 1225199 (CVE-2024-5274)

Summary: VUL-0: CVE-2024-5274: chromium: Type Confusion in V8
Product: [openSUSE] openSUSE Distribution Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P3 - Medium CC: gmbr3, rfrohl
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/407623/
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2024-05-24 09:39:02 UTC 
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html

Fixed in 125.0.6422.112:

High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20


Google is aware that an exploit for CVE-2024-5274 exists in the wild.
Comment 1 OBSbugzilla Bot 2024-05-24 10:35:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1225199) was mentioned in
https://build.opensuse.org/request/show/1176705 Factory / chromium
https://build.opensuse.org/request/show/1176707 Backports:SLE-15-SP5 / chromium
Comment 2 Marcus Meissner 2024-05-26 13:05:49 UTC 
openSUSE-SU-2024:0141-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 1225199
CVE References: CVE-2024-5274
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-125.0.6422.112-bp155.2.88.1
Comment 3 Andreas Stieger 2024-05-27 10:12:55 UTC 
done