Bugzilla – Bug 1215776
VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 117.0.5938.132
Last modified: 2023-09-29 22:21:44 UTC
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

* CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
* CVE-2023-5186: Use after free in Passwords
* CVE-2023-5187: Use after free in Extensions

Google is aware that an exploit for CVE-2023-5217 exists in the wild
Chromium is currently using the bundled lib:
> %bcond_with system_vpx
> * CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
See bug 1215778
This is an autogenerated message for OBS integration:
This bug (1215776) was mentioned in
https://build.opensuse.org/request/show/1113938 Factory / chromium
https://build.opensuse.org/request/show/1113939 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / chromium
This is an autogenerated message for OBS integration:
This bug (1215776) was mentioned in
https://build.opensuse.org/request/show/1114163 Factory / ungoogled-chromium
openSUSE-SU-2023:0277-1: An update that fixes three vulnerabilities is now available.
Category: security (critical)
Bug References: 1215776,1215778
CVE References: CVE-2023-5186,CVE-2023-5187,CVE-2023-5217
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): chromium-117.0.5938.132-bp155.2.40.1
openSUSE Backports SLE-15-SP4 (src): chromium-117.0.5938.132-bp154.2.126.1
done