Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0320-1 Final 1 1 2024-09-30T08:41:05Z current 2024-09-30T08:41:05Z 2024-09-30T08:41:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium 129.0.6668.70 (stable released 2024-09-24) (boo#1230964) * CVE-2024-9120: Use after free in Dawn * CVE-2024-9121: Inappropriate implementation in V8 * CVE-2024-9122: Type Confusion in V8 * CVE-2024-9123: Integer overflow in Skia The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-320 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PSCMNKOFIFR6UW562BL6G3POOMLBOVMN/ E-Mail link for openSUSE-SU-2024:0320-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1230964 SUSE Bug 1230964 https://www.suse.com/security/cve/CVE-2024-9120/ SUSE CVE CVE-2024-9120 page https://www.suse.com/security/cve/CVE-2024-9121/ SUSE CVE CVE-2024-9121 page https://www.suse.com/security/cve/CVE-2024-9122/ SUSE CVE CVE-2024-9122 page https://www.suse.com/security/cve/CVE-2024-9123/ SUSE CVE CVE-2024-9123 page SUSE Package Hub 15 SP5 openSUSE Leap 15.5 chromedriver-129.0.6668.70-bp155.2.120.1 chromium-129.0.6668.70-bp155.2.120.1 chromedriver-129.0.6668.70-bp155.2.120.1 as a component of SUSE Package Hub 15 SP5 chromium-129.0.6668.70-bp155.2.120.1 as a component of SUSE Package Hub 15 SP5 chromedriver-129.0.6668.70-bp155.2.120.1 as a component of openSUSE Leap 15.5 chromium-129.0.6668.70-bp155.2.120.1 as a component of openSUSE Leap 15.5 Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-9120 SUSE Package Hub 15 SP5:chromedriver-129.0.6668.70-bp155.2.120.1 SUSE Package Hub 15 SP5:chromium-129.0.6668.70-bp155.2.120.1 openSUSE Leap 15.5:chromedriver-129.0.6668.70-bp155.2.120.1 openSUSE Leap 15.5:chromium-129.0.6668.70-bp155.2.120.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PSCMNKOFIFR6UW562BL6G3POOMLBOVMN/ https://www.suse.com/security/cve/CVE-2024-9120.html CVE-2024-9120 https://bugzilla.suse.com/1230964 SUSE Bug 1230964 Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-9121 SUSE Package Hub 15 SP5:chromedriver-129.0.6668.70-bp155.2.120.1 SUSE Package Hub 15 SP5:chromium-129.0.6668.70-bp155.2.120.1 openSUSE Leap 15.5:chromedriver-129.0.6668.70-bp155.2.120.1 openSUSE Leap 15.5:chromium-129.0.6668.70-bp155.2.120.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PSCMNKOFIFR6UW562BL6G3POOMLBOVMN/ https://www.suse.com/security/cve/CVE-2024-9121.html CVE-2024-9121 https://bugzilla.suse.com/1230964 SUSE Bug 1230964 Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-9122 SUSE Package Hub 15 SP5:chromedriver-129.0.6668.70-bp155.2.120.1 SUSE Package Hub 15 SP5:chromium-129.0.6668.70-bp155.2.120.1 openSUSE Leap 15.5:chromedriver-129.0.6668.70-bp155.2.120.1 openSUSE Leap 15.5:chromium-129.0.6668.70-bp155.2.120.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PSCMNKOFIFR6UW562BL6G3POOMLBOVMN/ https://www.suse.com/security/cve/CVE-2024-9122.html CVE-2024-9122 https://bugzilla.suse.com/1230964 SUSE Bug 1230964 Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) CVE-2024-9123 SUSE Package Hub 15 SP5:chromedriver-129.0.6668.70-bp155.2.120.1 SUSE Package Hub 15 SP5:chromium-129.0.6668.70-bp155.2.120.1 openSUSE Leap 15.5:chromedriver-129.0.6668.70-bp155.2.120.1 openSUSE Leap 15.5:chromium-129.0.6668.70-bp155.2.120.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PSCMNKOFIFR6UW562BL6G3POOMLBOVMN/ https://www.suse.com/security/cve/CVE-2024-9123.html CVE-2024-9123 https://bugzilla.suse.com/1230964 SUSE Bug 1230964