Bug 1214301 - VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 116.0.5845.96
Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 116.0.5...
Status: RESOLVED FIXED
: 1214318 (view as bug list)
Alias: None
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.5
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-08-15 17:16 UTC by Andreas Stieger
Modified: 2023-08-22 05:53 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2023-08-15 17:16:05 UTC 
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

CVE-2023-2312: Use after free in Offline
CVE-2023-4349: Use after free in Device Trust Connectors
CVE-2023-4350: Inappropriate implementation in Fullscreen
CVE-2023-4351: Use after free in Network
CVE-2023-4352: Type Confusion in V8
CVE-2023-4353: Heap buffer overflow in ANGLE
CVE-2023-4354: Heap buffer overflow in Skia
CVE-2023-4355: Out of bounds memory access in V8
CVE-2023-4356: Use after free in Audio
CVE-2023-4357: Insufficient validation of untrusted input in XML
CVE-2023-4358: Use after free in DNS
CVE-2023-4359: Inappropriate implementation in App Launcher
CVE-2023-4360: Inappropriate implementation in Color
CVE-2023-4361: Inappropriate implementation in Autofill
CVE-2023-4362: Heap buffer overflow in Mojom IDL
CVE-2023-4363: Inappropriate implementation in WebShare
CVE-2023-4364: Inappropriate implementation in Permission Prompts
CVE-2023-4365: Inappropriate implementation in Fullscreen
CVE-2023-4366: Use after free in Extensions
CVE-2023-4367: Insufficient policy enforcement in Extensions API
CVE-2023-4368: Insufficient policy enforcement in Extensions API
Comment 1 Andreas Stieger 2023-08-15 17:22:11 UTC 
submitted
Comment 2 OBSbugzilla Bot 2023-08-15 18:05:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1214301) was mentioned in
https://build.opensuse.org/request/show/1104075 Factory / chromium
https://build.opensuse.org/request/show/1104076 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / chromium
Comment 3 Carlos López 2023-08-16 07:53:29 UTC 
*** Bug 1214318 has been marked as a duplicate of this bug. ***
Comment 4 OBSbugzilla Bot 2023-08-16 10:15:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1214301) was mentioned in
https://build.opensuse.org/request/show/1104146 Factory / ungoogled-chromium
Comment 5 Marcus Meissner 2023-08-21 13:05:54 UTC 
openSUSE-SU-2023:0234-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1214003,1214301
CVE References: CVE-2023-2312,CVE-2023-4349,CVE-2023-4350,CVE-2023-4351,CVE-2023-4352,CVE-2023-4353,CVE-2023-4354,CVE-2023-4355,CVE-2023-4356,CVE-2023-4357,CVE-2023-4358,CVE-2023-4359,CVE-2023-4360,CVE-2023-4361,CVE-2023-4362,CVE-2023-4363,CVE-2023-4364,CVE-2023-4365,CVE-2023-4366,CVE-2023-4367,CVE-2023-4368
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-116.0.5845.96-bp155.2.19.1
openSUSE Backports SLE-15-SP4 (src):    chromium-116.0.5845.96-bp154.2.105.1
Comment 6 Andreas Stieger 2023-08-22 05:53:25 UTC 
Done