openSUSE-SU-2023:0234-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0234-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2023:0234-1
Related
Published
2023-08-21T09:53:00Z
Modified
2023-08-21T09:53:00Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

Chromium 116.0.5845.96

  • New CSS features: Motion Path, and 'display' and 'content-visibility' animations
  • Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/ forward cache NotRestoredReason API, Document Picture-in- Picture, Expanded Wildcards in Permissions Policy Origins, FedCM bundle: Login Hint API, User Info API, and RP Context API, Non-composed Mouse and Pointer enter/leave events, Remove document.open sandbox inheritance, Report Critical-CH caused restart in NavigationTiming

This update fixes a number of security issues (boo#1214301):

  • CVE-2023-2312: Use after free in Offline
  • CVE-2023-4349: Use after free in Device Trust Connectors
  • CVE-2023-4350: Inappropriate implementation in Fullscreen
  • CVE-2023-4351: Use after free in Network
  • CVE-2023-4352: Type Confusion in V8
  • CVE-2023-4353: Heap buffer overflow in ANGLE
  • CVE-2023-4354: Heap buffer overflow in Skia
  • CVE-2023-4355: Out of bounds memory access in V8
  • CVE-2023-4356: Use after free in Audio
  • CVE-2023-4357: Insufficient validation of untrusted input in XML
  • CVE-2023-4358: Use after free in DNS
  • CVE-2023-4359: Inappropriate implementation in App Launcher
  • CVE-2023-4360: Inappropriate implementation in Color
  • CVE-2023-4361: Inappropriate implementation in Autofill
  • CVE-2023-4362: Heap buffer overflow in Mojom IDL
  • CVE-2023-4363: Inappropriate implementation in WebShare
  • CVE-2023-4364: Inappropriate implementation in Permission Prompts
  • CVE-2023-4365: Inappropriate implementation in Fullscreen
  • CVE-2023-4366: Use after free in Extensions
  • CVE-2023-4367: Insufficient policy enforcement in Extensions API

  • CVE-2023-4368: Insufficient policy enforcement in Extensions API

    • Fix crash with extensions (boo#1214003)
References

Affected packages

SUSE:Package Hub 15 SP4 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
116.0.5845.96-bp155.2.19.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "116.0.5845.96-bp155.2.19.1",
            "chromium": "116.0.5845.96-bp155.2.19.1"
        }
    ]
}

SUSE:Package Hub 15 SP5 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
116.0.5845.96-bp155.2.19.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "116.0.5845.96-bp155.2.19.1",
            "chromium": "116.0.5845.96-bp155.2.19.1"
        }
    ]
}

openSUSE:Leap 15.4 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
116.0.5845.96-bp155.2.19.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "116.0.5845.96-bp155.2.19.1",
            "chromium": "116.0.5845.96-bp155.2.19.1"
        }
    ]
}

openSUSE:Leap 15.5 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
116.0.5845.96-bp155.2.19.1

Ecosystem specific 

{
    "binaries": [
        {
            "chromedriver": "116.0.5845.96-bp155.2.19.1",
            "chromium": "116.0.5845.96-bp155.2.19.1"
        }
    ]
}