Bug 1222260 (CVE-2024-3156, CVE-2024-3158, CVE-2024-3159) - VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.105
Status: RESOLVED DUPLICATE of bug 1222707
Alias: CVE-2024-3156, CVE-2024-3158, CVE-2024-3159
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.5
Hardware: Other Other
Priority: P3 - Medium; Severity: Major
Target Milestone: ---
Assignee: Callum Farmer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/400098/
Reported: 2024-04-03 07:19 UTC by Alexander Bergmann
Modified: 2024-05-13 04:05 UTC

Description Alexander Bergmann 2024-04-03 07:19:55 UTC
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html

Stable Channel Update for Desktop
Tuesday, April 2, 2024

The Stable channel has been updated to 123.0.6312.105/.106/.107 for Windows and Mac and 123.0.6312.105 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8


For detailed information, please look into the official Chrome release announcement.
Comment 1 Benjamin Greiner 2024-04-17 08:52:46 UTC
Duplicate is not the same version but same problem

*** This bug has been marked as a duplicate of bug 1222707 ***
Comment 2 OBSbugzilla Bot 2024-05-11 05:35:05 UTC
This is an autogenerated message for OBS integration:
This bug (1222260) was mentioned in
https://build.opensuse.org/request/show/1173380 Factory / chromium
Comment 3 OBSbugzilla Bot 2024-05-11 06:15:04 UTC
This is an autogenerated message for OBS integration:
This bug (1222260) was mentioned in
https://build.opensuse.org/request/show/1173381 Backports:SLE-15-SP5 / chromium
Comment 4 Marcus Meissner 2024-05-13 04:05:02 UTC
openSUSE-SU-2024:0123-1: An update that fixes 35 vulnerabilities is now available.

Category: security (important)
Bug References: 1221732,1222035,1222260,1222707,1222958,1223845,1223846,1224045
CVE References: CVE-2024-2625,CVE-2024-2626,CVE-2024-2627,CVE-2024-2628,CVE-2024-2883,CVE-2024-2885,CVE-2024-2886,CVE-2024-2887,CVE-2024-3156,CVE-2024-3157,CVE-2024-3158,CVE-2024-3159,CVE-2024-3515,CVE-2024-3516,CVE-2024-3832,CVE-2024-3833,CVE-2024-3834,CVE-2024-3837,CVE-2024-3838,CVE-2024-3839,CVE-2024-3840,CVE-2024-3841,CVE-2024-3843,CVE-2024-3844,CVE-2024-3845,CVE-2024-3846,CVE-2024-3847,CVE-2024-4058,CVE-2024-4059,CVE-2024-4060,CVE-2024-4331,CVE-2024-4368,CVE-2024-4558,CVE-2024-4559,CVE-2024-4671
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-124.0.6367.201-bp155.2.78.1