1212302 – VUL-0: chromium: multiple security issues fixed in 114.0.5735.133

Bug 1212302 - VUL-0: chromium: multiple security issues fixed in 114.0.5735.133

Summary: VUL-0: chromium: multiple security issues fixed in 114.0.5735.133

Status:	RESOLVED FIXED

Alias:	None

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Leap 15.5
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-06-13 18:25 UTC by Andreas Stieger
Modified:	2023-06-18 13:15 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2023-06-13 18:25:57 UTC

Fixed in Chromium 114.0.5735.133

* CVE-2023-3214: Use after free in Autofill payments
* CVE-2023-3215: Use after free in WebRTC
* CVE-2023-3216: Type Confusion in V8
* CVE-2023-3217: Use after free in WebXR
* Various fixes from internal audits, fuzzing and other initiatives

https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html

Comment 1 Andreas Stieger 2023-06-14 05:52:18 UTC

submitted

Comment 2 OBSbugzilla Bot 2023-06-14 06:35:02 UTC

This is an autogenerated message for OBS integration:
This bug (1212302) was mentioned in
https://build.opensuse.org/request/show/1093012 Factory / chromium
https://build.opensuse.org/request/show/1093013 Backports:SLE-15-SP4 / chromium
https://build.opensuse.org/request/show/1093014 Backports:SLE-15-SP5 / chromium

Comment 3 Marcus Meissner 2023-06-16 13:05:27 UTC

openSUSE-SU-2023:0132-1: An update that fixes four vulnerabilities is now available.\n\nCategory: security (critical)\nBug References: 1212302\nCVE References: CVE-2023-3214,CVE-2023-3215,CVE-2023-3216,CVE-2023-3217\nJIRA References: \nSources used:\nopenSUSE Backports SLE-15-SP4 (src):    chromium-114.0.5735.133-bp154.2.93.1\n\n

Comment 4 Andreas Stieger 2023-06-16 14:11:33 UTC

done. See bug 1212451 for the missing bug comment

Comment 5 Marcus Meissner 2023-06-16 14:45:27 UTC

openSUSE-SU-2023:0131-1: An update that fixes four vulnerabilities is now available.\n\nCategory: security (critical)\nBug References: 1212302\nCVE References: CVE-2023-3214,CVE-2023-3215,CVE-2023-3216,CVE-2023-3217\nJIRA References: \nSources used:\nopenSUSE Backports SLE-15-SP5 (src):    chromium-114.0.5735.133-bp155.2.7.1\n\n

Comment 6 OBSbugzilla Bot 2023-06-18 13:15:05 UTC

This is an autogenerated message for OBS integration:
This bug (1212302) was mentioned in
https://build.opensuse.org/request/show/1093654 Factory / ungoogled-chromium