Bug 1221732 - VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.58
Summary: VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6...
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.5
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-19 23:54 UTC by Andreas Stieger
Modified: 2024-05-13 09:13 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2024-03-19 23:54:53 UTC 
From https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html

CVE-2024-2625: Object lifecycle issue in V8
CVE-2024-2626: Out of bounds read in Swiftshader
CVE-2024-2627: Use after free in Canvas
CVE-2024-2628: Inappropriate implementation in Downloads
CVE-2024-2629: Incorrect security UI in iOS
CVE-2024-2630: Inappropriate implementation in iOS
CVE-2024-2631: Inappropriate implementation in iOS
Comment 1 Andreas Stieger 2024-03-20 09:46:46 UTC 
First attempt in https://build.opensuse.org/package/show/network:chromium/chromium-beta

chromium-122-PA-undo-internal-alloc.patch needs to be re-applied and expanded
Comment 2 OBSbugzilla Bot 2024-05-11 05:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1221732) was mentioned in
https://build.opensuse.org/request/show/1173380 Factory / chromium
Comment 3 OBSbugzilla Bot 2024-05-11 06:15:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1221732) was mentioned in
https://build.opensuse.org/request/show/1173381 Backports:SLE-15-SP5 / chromium
Comment 4 Marcus Meissner 2024-05-13 04:04:59 UTC 
openSUSE-SU-2024:0123-1: An update that fixes 35 vulnerabilities is now available.

Category: security (important)
Bug References: 1221732,1222035,1222260,1222707,1222958,1223845,1223846,1224045
CVE References: CVE-2024-2625,CVE-2024-2626,CVE-2024-2627,CVE-2024-2628,CVE-2024-2883,CVE-2024-2885,CVE-2024-2886,CVE-2024-2887,CVE-2024-3156,CVE-2024-3157,CVE-2024-3158,CVE-2024-3159,CVE-2024-3515,CVE-2024-3516,CVE-2024-3832,CVE-2024-3833,CVE-2024-3834,CVE-2024-3837,CVE-2024-3838,CVE-2024-3839,CVE-2024-3840,CVE-2024-3841,CVE-2024-3843,CVE-2024-3844,CVE-2024-3845,CVE-2024-3846,CVE-2024-3847,CVE-2024-4058,CVE-2024-4059,CVE-2024-4060,CVE-2024-4331,CVE-2024-4368,CVE-2024-4558,CVE-2024-4559,CVE-2024-4671
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-124.0.6367.201-bp155.2.78.1
Comment 5 Andreas Stieger 2024-05-13 09:13:43 UTC 
Chromium 124.0.6367.201 is in, as I did not get any crashes anymore.