Bug 1225199 (CVE-2024-5274) - VUL-0: CVE-2024-5274: chromium: Type Confusion in V8
Summary: VUL-0: CVE-2024-5274: chromium: Type Confusion in V8
Status: RESOLVED FIXED
Alias: CVE-2024-5274
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.5
Hardware: Other Other
: P3 - Medium : Major (vote)
Target Milestone: ---
Assignee: Security Team bot
QA Contact: E-mail List
URL: https://smash.suse.de/issue/407623/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-24 09:39 UTC by Andreas Stieger
Modified: 2024-05-27 10:12 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2024-05-24 09:39:02 UTC 
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html

Fixed in 125.0.6422.112:

High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20


Google is aware that an exploit for CVE-2024-5274 exists in the wild.
Comment 1 OBSbugzilla Bot 2024-05-24 10:35:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1225199) was mentioned in
https://build.opensuse.org/request/show/1176705 Factory / chromium
https://build.opensuse.org/request/show/1176707 Backports:SLE-15-SP5 / chromium
Comment 2 Marcus Meissner 2024-05-26 13:05:49 UTC 
openSUSE-SU-2024:0141-1: An update that fixes one vulnerability is now available.

Category: security (critical)
Bug References: 1225199
CVE References: CVE-2024-5274
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    chromium-125.0.6422.112-bp155.2.88.1
Comment 3 Andreas Stieger 2024-05-27 10:12:55 UTC 
done