Bugzilla – Bug 1217616
VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 119.0.6045.199
Last modified: 2023-11-30 17:09:54 UTC
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html * CVE-2023-6348: Type Confusion in Spellcheck * CVE-2023-6347: Use after free in Mojo * CVE-2023-6346: Use after free in WebAudio * CVE-2023-6350: Out of bounds memory access in libavif filed as bug 1217614 since this affects the system libavif * CVE-2023-6351: Use after free in libavif filed as bug 1217615 since this affects the system libavif * CVE-2023-6345: Integer overflow in Skia * Various fixes from internal audits, fuzzing and other initiatives > Google is aware that an exploit for CVE-2023-6345 exists in the wild. This is https://crbug.com/1505053 Rolled via: https://chromium.googlesource.com/chromium/src/+/baf84c2d246a45577b7ddd2b8d8d2e2cf36e12e2 Two commits: https://skia.googlesource.com/skia.git/+/afefbf7cb3f3bf406aaa62dce04e8cac506cd8d8%5E%21/ https://skia.googlesource.com/skia.git/+/89907a0ce7c0c883898b8c88b55b7b7f733f7058%5E%21/
Submitted, over to Michał for ungoogled-chromium.
This is an autogenerated message for OBS integration: This bug (1217616) was mentioned in https://build.opensuse.org/request/show/1129722 Factory / chromium https://build.opensuse.org/request/show/1129724 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / chromium
This is an autogenerated message for OBS integration: This bug (1217616) was mentioned in https://build.opensuse.org/request/show/1129955 Factory / ungoogled-chromium
openSUSE-SU-2023:0387-1: An update that fixes 6 vulnerabilities is now available. Category: security (important) Bug References: 1217614,1217615,1217616 CVE References: CVE-2023-6345,CVE-2023-6346,CVE-2023-6347,CVE-2023-6348,CVE-2023-6350,CVE-2023-6351 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): chromium-119.0.6045.199-bp155.2.61.1 openSUSE Backports SLE-15-SP4 (src): chromium-119.0.6045.199-bp154.2.147.1
done