Bug 1218302 (CVE-2023-7024) - VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 120.0.6099.129
Status: RESOLVED FIXED
Alias: CVE-2023-7024
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.5
Hardware: Other Other
Importance: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: E-mail List
URL: https://smash.suse.de/issue/388983/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-21 09:15 UTC by Gabriele Sonnu
Modified: 2024-01-16 11:44 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Gabriele Sonnu 2023-12-21 09:15:13 UTC
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html

The Stable channel has been updated to 120.0.6099.129 for Mac, Linux and 120.0.6099.129/130 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

- CVE-2023-7024: Heap buffer overflow in WebRTC. 

Google is aware that an exploit for CVE-2023-7024 exists in the wild.
Comment 1 OBSbugzilla Bot 2024-01-12 15:35:04 UTC
This is an autogenerated message for OBS integration:
This bug (1218302) was mentioned in
https://build.opensuse.org/request/show/1138331 Factory / chromium
Comment 2 OBSbugzilla Bot 2024-01-12 21:35:06 UTC
This is an autogenerated message for OBS integration:
This bug (1218302) was mentioned in
https://build.opensuse.org/request/show/1138394 Factory / chromium
Comment 3 OBSbugzilla Bot 2024-01-13 15:35:07 UTC
This is an autogenerated message for OBS integration:
This bug (1218302) was mentioned in
https://build.opensuse.org/request/show/1138475 Factory / chromium
Comment 4 OBSbugzilla Bot 2024-01-14 09:45:05 UTC
This is an autogenerated message for OBS integration:
This bug (1218302) was mentioned in
https://build.opensuse.org/request/show/1138548 Backports:SLE-15-SP5 / chromium
Comment 5 OBSbugzilla Bot 2024-01-14 11:35:05 UTC
This is an autogenerated message for OBS integration:
This bug (1218302) was mentioned in
https://build.opensuse.org/request/show/1138553 Factory / ungoogled-chromium
Comment 6 OBSbugzilla Bot 2024-01-14 13:45:04 UTC
This is an autogenerated message for OBS integration:
This bug (1218302) was mentioned in
https://build.opensuse.org/request/show/1138570 Backports:SLE-15-SP5 / chromium
Comment 7 OBSbugzilla Bot 2024-01-14 15:35:06 UTC
This is an autogenerated message for OBS integration:
This bug (1218302) was mentioned in
https://build.opensuse.org/request/show/1138578 Factory / ungoogled-chromium
Comment 8 Marcus Meissner 2024-01-16 11:05:03 UTC
openSUSE-SU-2024:0020-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1217839,1218048,1218302,1218303,1218533,1218719
CVE References: CVE-2023-6508,CVE-2023-6509,CVE-2023-6510,CVE-2023-6511,CVE-2023-6512,CVE-2023-6702,CVE-2023-6703,CVE-2023-6704,CVE-2023-6705,CVE-2023-6706,CVE-2023-6707,CVE-2023-7024,CVE-2024-0222,CVE-2024-0223,CVE-2024-0224,CVE-2024-0225,CVE-2024-0333
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-120.0.6099.216-bp155.2.64.1
Comment 9 Andreas Stieger 2024-01-16 11:44:41 UTC
done