Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0137-1 Final 1 1 2024-05-23T06:37:44Z current 2024-05-23T06:37:44Z 2024-05-23T06:37:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: - Chromium 125.0.6422.76 (boo#1224818) * CVE-2024-5157: Use after free in Scheduling * CVE-2024-5158: Type Confusion in V8 * CVE-2024-5159: Heap buffer overflow in ANGLE * CVE-2024-5160: Heap buffer overflow in Dawn * Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-137 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OUHQT3H7SVUMWPOBHPV62RCKTAJROHUB/ E-Mail link for openSUSE-SU-2024:0137-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1224818 SUSE Bug 1224818 https://www.suse.com/security/cve/CVE-2024-5157/ SUSE CVE CVE-2024-5157 page https://www.suse.com/security/cve/CVE-2024-5158/ SUSE CVE CVE-2024-5158 page https://www.suse.com/security/cve/CVE-2024-5159/ SUSE CVE CVE-2024-5159 page https://www.suse.com/security/cve/CVE-2024-5160/ SUSE CVE CVE-2024-5160 page SUSE Package Hub 15 SP5 openSUSE Leap 15.5 chromedriver-125.0.6422.76-bp155.2.85.2 chromium-125.0.6422.76-bp155.2.85.2 chromedriver-125.0.6422.76-bp155.2.85.2 as a component of SUSE Package Hub 15 SP5 chromium-125.0.6422.76-bp155.2.85.2 as a component of SUSE Package Hub 15 SP5 chromedriver-125.0.6422.76-bp155.2.85.2 as a component of openSUSE Leap 15.5 chromium-125.0.6422.76-bp155.2.85.2 as a component of openSUSE Leap 15.5 Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVE-2024-5157 SUSE Package Hub 15 SP5:chromedriver-125.0.6422.76-bp155.2.85.2 SUSE Package Hub 15 SP5:chromium-125.0.6422.76-bp155.2.85.2 openSUSE Leap 15.5:chromedriver-125.0.6422.76-bp155.2.85.2 openSUSE Leap 15.5:chromium-125.0.6422.76-bp155.2.85.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OUHQT3H7SVUMWPOBHPV62RCKTAJROHUB/ https://www.suse.com/security/cve/CVE-2024-5157.html CVE-2024-5157 https://bugzilla.suse.com/1224818 SUSE Bug 1224818 Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) CVE-2024-5158 SUSE Package Hub 15 SP5:chromedriver-125.0.6422.76-bp155.2.85.2 SUSE Package Hub 15 SP5:chromium-125.0.6422.76-bp155.2.85.2 openSUSE Leap 15.5:chromedriver-125.0.6422.76-bp155.2.85.2 openSUSE Leap 15.5:chromium-125.0.6422.76-bp155.2.85.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OUHQT3H7SVUMWPOBHPV62RCKTAJROHUB/ https://www.suse.com/security/cve/CVE-2024-5158.html CVE-2024-5158 https://bugzilla.suse.com/1224818 SUSE Bug 1224818 Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) CVE-2024-5159 SUSE Package Hub 15 SP5:chromedriver-125.0.6422.76-bp155.2.85.2 SUSE Package Hub 15 SP5:chromium-125.0.6422.76-bp155.2.85.2 openSUSE Leap 15.5:chromedriver-125.0.6422.76-bp155.2.85.2 openSUSE Leap 15.5:chromium-125.0.6422.76-bp155.2.85.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OUHQT3H7SVUMWPOBHPV62RCKTAJROHUB/ https://www.suse.com/security/cve/CVE-2024-5159.html CVE-2024-5159 https://bugzilla.suse.com/1224818 SUSE Bug 1224818 Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) CVE-2024-5160 SUSE Package Hub 15 SP5:chromedriver-125.0.6422.76-bp155.2.85.2 SUSE Package Hub 15 SP5:chromium-125.0.6422.76-bp155.2.85.2 openSUSE Leap 15.5:chromedriver-125.0.6422.76-bp155.2.85.2 openSUSE Leap 15.5:chromium-125.0.6422.76-bp155.2.85.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OUHQT3H7SVUMWPOBHPV62RCKTAJROHUB/ https://www.suse.com/security/cve/CVE-2024-5160.html CVE-2024-5160 https://bugzilla.suse.com/1224818 SUSE Bug 1224818