Bug 1220604 - VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 122.0.6261.94
Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 122.0.6...
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other Other
: P3 - Medium : Major (vote)
Target Milestone: ---
Assignee: Callum Farmer
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-29 08:20 UTC by Thomas Leroy
Modified: 2024-03-18 11:04 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Leroy 2024-02-29 08:20:23 UTC 
The Stable channel has been updated to 122.0.6261.94 for Mac,Linux and 122.0.6261.94/.95 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

The Extended Stable channel has been updated to 122.0.6261.94 for Mac and 122.0.6261.95 for Windows which will roll out over the coming days/weeks.


 Security Fixes and Rewards

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11

High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2024-02-05

References:
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html
Comment 1 OBSbugzilla Bot 2024-03-09 19:35:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1220604) was mentioned in
https://build.opensuse.org/request/show/1156639 Factory / chromium
Comment 2 OBSbugzilla Bot 2024-03-10 21:35:08 UTC 
This is an autogenerated message for OBS integration:
This bug (1220604) was mentioned in
https://build.opensuse.org/request/show/1156764 Factory / ungoogled-chromium
Comment 3 OBSbugzilla Bot 2024-03-12 09:55:50 UTC 
This is an autogenerated message for OBS integration:
This bug (1220604) was mentioned in
https://build.opensuse.org/request/show/1157120 Backports:SLE-15-SP5 / chromium
Comment 4 OBSbugzilla Bot 2024-03-13 13:35:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1220604) was mentioned in
https://build.opensuse.org/request/show/1157505 Backports:SLE-15-SP5 / chromium
Comment 5 Marcus Meissner 2024-03-18 10:57:27 UTC 
released
Comment 6 Marcus Meissner 2024-03-18 11:04:56 UTC 
openSUSE-SU-2024:0084-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1220131,1220604,1221105,1221335
CVE References: CVE-2024-1669,CVE-2024-1670,CVE-2024-1671,CVE-2024-1672,CVE-2024-1673,CVE-2024-1674,CVE-2024-1675,CVE-2024-1676,CVE-2024-2173,CVE-2024-2174,CVE-2024-2176,CVE-2024-2400
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-122.0.6261.128-bp155.2.75.1, llvm17-17.0.6-bp155.2.2