Bugzilla – Bug 1222707
VUL-0: chromium,ungoogled-chromium: multiple vulnerabilities fixed in 123.0.6312.122
Last modified: 2024-05-13 04:05:05 UTC
The Stable channel has been updated to 123.0.6312.122/.123 for Windows 123.0.6312.122/.123/.124 for Mac and 123.0.6312.122 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26 High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure on 2024-03-09 High CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz on 2024-03-25 https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html
chromium 124 closed even more vulnerabilities. The openSUSE package should not be used until it is updated.
*** Bug 1222260 has been marked as a duplicate of this bug. ***
*** Bug 1222035 has been marked as a duplicate of this bug. ***
I think it has become clear that a Chromium build from source has become unmaintainable in openSUSE> Calum is strained, and I do not have time to further invest on this.
Superseding by chomium 124 CVE list *** This bug has been marked as a duplicate of bug 1222958 ***
Regarding comment#4 what does this mean for the future of chromium on openSUSE and in the PackageHub?
Not speaking for Callum (who has been doing most of the work) But we should be looking into additional packaging help, see if we can keep current and more closer to the upstream release schedule, or drop it in favor of an easy-to-consume flatpack helper
This is an autogenerated message for OBS integration: This bug (1222707) was mentioned in https://build.opensuse.org/request/show/1173380 Factory / chromium
This is an autogenerated message for OBS integration: This bug (1222707) was mentioned in https://build.opensuse.org/request/show/1173381 Backports:SLE-15-SP5 / chromium
openSUSE-SU-2024:0123-1: An update that fixes 35 vulnerabilities is now available. Category: security (important) Bug References: 1221732,1222035,1222260,1222707,1222958,1223845,1223846,1224045 CVE References: CVE-2024-2625,CVE-2024-2626,CVE-2024-2627,CVE-2024-2628,CVE-2024-2883,CVE-2024-2885,CVE-2024-2886,CVE-2024-2887,CVE-2024-3156,CVE-2024-3157,CVE-2024-3158,CVE-2024-3159,CVE-2024-3515,CVE-2024-3516,CVE-2024-3832,CVE-2024-3833,CVE-2024-3834,CVE-2024-3837,CVE-2024-3838,CVE-2024-3839,CVE-2024-3840,CVE-2024-3841,CVE-2024-3843,CVE-2024-3844,CVE-2024-3845,CVE-2024-3846,CVE-2024-3847,CVE-2024-4058,CVE-2024-4059,CVE-2024-4060,CVE-2024-4331,CVE-2024-4368,CVE-2024-4558,CVE-2024-4559,CVE-2024-4671 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): chromium-124.0.6367.201-bp155.2.78.1