Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0258-1 Final 1 1 2024-08-23T09:15:52Z current 2024-08-23T09:15:52Z 2024-08-23T09:15:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: - Chromium 128.0.6613.84 (boo#1229591) * CVE-2024-7964: Use after free in Passwords * CVE-2024-7965: Inappropriate implementation in V8 * CVE-2024-7966: Out of bounds memory access in Skia * CVE-2024-7967: Heap buffer overflow in Fonts * CVE-2024-7968: Use after free in Autofill * CVE-2024-7969: Type Confusion in V8 * CVE-2024-7971: Type confusion in V8 * CVE-2024-7972: Inappropriate implementation in V8 * CVE-2024-7973: Heap buffer overflow in PDFium * CVE-2024-7974: Insufficient data validation in V8 API * CVE-2024-7975: Inappropriate implementation in Permissions * CVE-2024-7976: Inappropriate implementation in FedCM * CVE-2024-7977: Insufficient data validation in Installer * CVE-2024-7978: Insufficient policy enforcement in Data Transfer * CVE-2024-7979: Insufficient data validation in Installer * CVE-2024-7980: Insufficient data validation in Installer * CVE-2024-7981: Inappropriate implementation in Views * CVE-2024-8033: Inappropriate implementation in WebApp Installs * CVE-2024-8034: Inappropriate implementation in Custom Tabs * CVE-2024-8035: Inappropriate implementation in Extensions * Various fixes from internal audits, fuzzing and other initiatives The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-258 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ E-Mail link for openSUSE-SU-2024:0258-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1229426 SUSE Bug 1229426 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 https://www.suse.com/security/cve/CVE-2024-7964/ SUSE CVE CVE-2024-7964 page https://www.suse.com/security/cve/CVE-2024-7965/ SUSE CVE CVE-2024-7965 page https://www.suse.com/security/cve/CVE-2024-7966/ SUSE CVE CVE-2024-7966 page https://www.suse.com/security/cve/CVE-2024-7967/ SUSE CVE CVE-2024-7967 page https://www.suse.com/security/cve/CVE-2024-7968/ SUSE CVE CVE-2024-7968 page https://www.suse.com/security/cve/CVE-2024-7969/ SUSE CVE CVE-2024-7969 page https://www.suse.com/security/cve/CVE-2024-7971/ SUSE CVE CVE-2024-7971 page https://www.suse.com/security/cve/CVE-2024-7972/ SUSE CVE CVE-2024-7972 page https://www.suse.com/security/cve/CVE-2024-7973/ SUSE CVE CVE-2024-7973 page https://www.suse.com/security/cve/CVE-2024-7974/ SUSE CVE CVE-2024-7974 page https://www.suse.com/security/cve/CVE-2024-7975/ SUSE CVE CVE-2024-7975 page https://www.suse.com/security/cve/CVE-2024-7976/ SUSE CVE CVE-2024-7976 page https://www.suse.com/security/cve/CVE-2024-7977/ SUSE CVE CVE-2024-7977 page https://www.suse.com/security/cve/CVE-2024-7978/ SUSE CVE CVE-2024-7978 page https://www.suse.com/security/cve/CVE-2024-7979/ SUSE CVE CVE-2024-7979 page https://www.suse.com/security/cve/CVE-2024-7980/ SUSE CVE CVE-2024-7980 page https://www.suse.com/security/cve/CVE-2024-7981/ SUSE CVE CVE-2024-7981 page https://www.suse.com/security/cve/CVE-2024-8033/ SUSE CVE CVE-2024-8033 page https://www.suse.com/security/cve/CVE-2024-8034/ SUSE CVE CVE-2024-8034 page https://www.suse.com/security/cve/CVE-2024-8035/ SUSE CVE CVE-2024-8035 page SUSE Package Hub 15 SP5 SUSE Package Hub 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 chromedriver-128.0.6613.84-bp156.2.17.1 chromium-128.0.6613.84-bp156.2.17.1 chromedriver-128.0.6613.84-bp156.2.17.1 as a component of SUSE Package Hub 15 SP5 chromium-128.0.6613.84-bp156.2.17.1 as a component of SUSE Package Hub 15 SP5 chromedriver-128.0.6613.84-bp156.2.17.1 as a component of SUSE Package Hub 15 SP6 chromium-128.0.6613.84-bp156.2.17.1 as a component of SUSE Package Hub 15 SP6 chromedriver-128.0.6613.84-bp156.2.17.1 as a component of openSUSE Leap 15.5 chromium-128.0.6613.84-bp156.2.17.1 as a component of openSUSE Leap 15.5 chromedriver-128.0.6613.84-bp156.2.17.1 as a component of openSUSE Leap 15.6 chromium-128.0.6613.84-bp156.2.17.1 as a component of openSUSE Leap 15.6 Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7964 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7964.html CVE-2024-7964 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7965 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7965.html CVE-2024-7965 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-7966 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7966.html CVE-2024-7966 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7967 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7967.html CVE-2024-7967 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7968 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7968.html CVE-2024-7968 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7969 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7969.html CVE-2024-7969 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 https://bugzilla.suse.com/1229897 SUSE Bug 1229897 Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7971 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7971.html CVE-2024-7971 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-7972 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7972.html CVE-2024-7972 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium) CVE-2024-7973 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7973.html CVE-2024-7973 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) CVE-2024-7974 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7974.html CVE-2024-7974 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-7975 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7975.html CVE-2024-7975 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-7976 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7976.html CVE-2024-7976 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) CVE-2024-7977 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7977.html CVE-2024-7977 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-7978 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7978.html CVE-2024-7978 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) CVE-2024-7979 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7979.html CVE-2024-7979 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) CVE-2024-7980 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7980.html CVE-2024-7980 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2024-7981 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-7981.html CVE-2024-7981 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2024-8033 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-8033.html CVE-2024-8033 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2024-8034 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-8034.html CVE-2024-8034 https://bugzilla.suse.com/1229591 SUSE Bug 1229591 Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2024-8035 SUSE Package Hub 15 SP5:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP5:chromium-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromedriver-128.0.6613.84-bp156.2.17.1 SUSE Package Hub 15 SP6:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.5:chromium-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromedriver-128.0.6613.84-bp156.2.17.1 openSUSE Leap 15.6:chromium-128.0.6613.84-bp156.2.17.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ https://www.suse.com/security/cve/CVE-2024-8035.html CVE-2024-8035 https://bugzilla.suse.com/1229591 SUSE Bug 1229591