openSUSE-SU-2023:0193-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0193-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2023:0193-1
Related
Published
2023-07-26T14:08:03Z
Modified
2023-07-26T14:08:03Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

Chromium 115.0.5790.102:

  • stability fix

Chromium 115.0.5790.98:

  • Security: The Storage, Service Worker, and Communication APIs are now partitioned in third-party contexts to prevent certain types of side-channel cross-site tracking
  • HTTPS: Automatically and optimistically upgrade all main-frame navigations to HTTPS, with fast fallback to HTTP.
  • CSS: accept multiple values of the display property
  • CSS: support boolean context style container queries
  • CSS: support scroll-driven animations
  • Increase the maximum size of a WebAssembly.Module() on the main thread to 8 MB
  • FedCM: Support credential management mediation requirements for auto re-authentication
  • Deprecate the document.domain setter
  • Deprecate mutation events

  • Security fixes (boo#1213462):

    • CVE-2023-3727: Use after free in WebRTC
    • CVE-2023-3728: Use after free in WebRTC
    • CVE-2023-3730: Use after free in Tab Groups
    • CVE-2023-3732: Out of bounds memory access in Mojo
    • CVE-2023-3733: Inappropriate implementation in WebApp Installs
    • CVE-2023-3734: Inappropriate implementation in Picture In Picture
    • CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts
    • CVE-2023-3736: Inappropriate implementation in Custom Tabs
    • CVE-2023-3737: Inappropriate implementation in Notifications
    • CVE-2023-3738: Inappropriate implementation in Autofill
    • CVE-2023-3740: Insufficient validation of untrusted input in Themes
    • Various fixes from internal audits, fuzzing and other initiatives
References

Affected packages

SUSE:Package Hub 15 SP4 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.0.5790.102-bp155.2.13.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "115.0.5790.102-bp155.2.13.1",
            "chromium": "115.0.5790.102-bp155.2.13.1"
        }
    ]
}

SUSE:Package Hub 15 SP5 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.0.5790.102-bp155.2.13.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "115.0.5790.102-bp155.2.13.1",
            "chromium": "115.0.5790.102-bp155.2.13.1"
        }
    ]
}

openSUSE:Leap 15.4 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.0.5790.102-bp155.2.13.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "115.0.5790.102-bp155.2.13.1",
            "chromium": "115.0.5790.102-bp155.2.13.1"
        }
    ]
}

openSUSE:Leap 15.5 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
115.0.5790.102-bp155.2.13.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "115.0.5790.102-bp155.2.13.1",
            "chromium": "115.0.5790.102-bp155.2.13.1"
        }
    ]
}