Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0373-1 Final 1 1 2024-11-22T14:42:36Z current 2024-11-22T14:42:36Z 2024-11-22T14:42:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium 131.0.6778.69 (stable released 2024-11-12) (boo#1233311) * CVE-2024-11110: Inappropriate implementation in Blink. * CVE-2024-11111: Inappropriate implementation in Autofill. * CVE-2024-11112: Use after free in Media. * CVE-2024-11113: Use after free in Accessibility. * CVE-2024-11114: Inappropriate implementation in Views. * CVE-2024-11115: Insufficient policy enforcement in Navigation. * CVE-2024-11116: Inappropriate implementation in Paint. * CVE-2024-11117: Inappropriate implementation in FileSystem. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-373 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GW7TPS22DZK4SYF2WPZQO6RF5P6FPPAV/ E-Mail link for openSUSE-SU-2024:0373-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233311 SUSE Bug 1233311 https://www.suse.com/security/cve/CVE-2024-11110/ SUSE CVE CVE-2024-11110 page https://www.suse.com/security/cve/CVE-2024-11111/ SUSE CVE CVE-2024-11111 page https://www.suse.com/security/cve/CVE-2024-11112/ SUSE CVE CVE-2024-11112 page https://www.suse.com/security/cve/CVE-2024-11113/ SUSE CVE CVE-2024-11113 page https://www.suse.com/security/cve/CVE-2024-11114/ SUSE CVE CVE-2024-11114 page https://www.suse.com/security/cve/CVE-2024-11115/ SUSE CVE CVE-2024-11115 page https://www.suse.com/security/cve/CVE-2024-11116/ SUSE CVE CVE-2024-11116 page https://www.suse.com/security/cve/CVE-2024-11117/ SUSE CVE CVE-2024-11117 page SUSE Package Hub 15 SP5 openSUSE Leap 15.5 chromedriver-131.0.6778.69-bp155.2.141.1 chromium-131.0.6778.69-bp155.2.141.1 chromedriver-131.0.6778.69-bp155.2.141.1 as a component of SUSE Package Hub 15 SP5 chromium-131.0.6778.69-bp155.2.141.1 as a component of SUSE Package Hub 15 SP5 chromedriver-131.0.6778.69-bp155.2.141.1 as a component of openSUSE Leap 15.5 chromium-131.0.6778.69-bp155.2.141.1 as a component of openSUSE Leap 15.5 Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) CVE-2024-11110 SUSE Package Hub 15 SP5:chromedriver-131.0.6778.69-bp155.2.141.1 SUSE Package Hub 15 SP5:chromium-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromedriver-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromium-131.0.6778.69-bp155.2.141.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GW7TPS22DZK4SYF2WPZQO6RF5P6FPPAV/ https://www.suse.com/security/cve/CVE-2024-11110.html CVE-2024-11110 https://bugzilla.suse.com/1233311 SUSE Bug 1233311 Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-11111 SUSE Package Hub 15 SP5:chromedriver-131.0.6778.69-bp155.2.141.1 SUSE Package Hub 15 SP5:chromium-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromedriver-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromium-131.0.6778.69-bp155.2.141.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GW7TPS22DZK4SYF2WPZQO6RF5P6FPPAV/ https://www.suse.com/security/cve/CVE-2024-11111.html CVE-2024-11111 https://bugzilla.suse.com/1233311 SUSE Bug 1233311 Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-11112 SUSE Package Hub 15 SP5:chromedriver-131.0.6778.69-bp155.2.141.1 SUSE Package Hub 15 SP5:chromium-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromedriver-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromium-131.0.6778.69-bp155.2.141.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GW7TPS22DZK4SYF2WPZQO6RF5P6FPPAV/ https://www.suse.com/security/cve/CVE-2024-11112.html CVE-2024-11112 https://bugzilla.suse.com/1233311 SUSE Bug 1233311 Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-11113 SUSE Package Hub 15 SP5:chromedriver-131.0.6778.69-bp155.2.141.1 SUSE Package Hub 15 SP5:chromium-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromedriver-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromium-131.0.6778.69-bp155.2.141.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GW7TPS22DZK4SYF2WPZQO6RF5P6FPPAV/ https://www.suse.com/security/cve/CVE-2024-11113.html CVE-2024-11113 https://bugzilla.suse.com/1233311 SUSE Bug 1233311 Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-11114 SUSE Package Hub 15 SP5:chromedriver-131.0.6778.69-bp155.2.141.1 SUSE Package Hub 15 SP5:chromium-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromedriver-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromium-131.0.6778.69-bp155.2.141.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GW7TPS22DZK4SYF2WPZQO6RF5P6FPPAV/ https://www.suse.com/security/cve/CVE-2024-11114.html CVE-2024-11114 https://bugzilla.suse.com/1233311 SUSE Bug 1233311 Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium) CVE-2024-11115 SUSE Package Hub 15 SP5:chromedriver-131.0.6778.69-bp155.2.141.1 SUSE Package Hub 15 SP5:chromium-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromedriver-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromium-131.0.6778.69-bp155.2.141.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GW7TPS22DZK4SYF2WPZQO6RF5P6FPPAV/ https://www.suse.com/security/cve/CVE-2024-11115.html CVE-2024-11115 https://bugzilla.suse.com/1233311 SUSE Bug 1233311 Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-11116 SUSE Package Hub 15 SP5:chromedriver-131.0.6778.69-bp155.2.141.1 SUSE Package Hub 15 SP5:chromium-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromedriver-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromium-131.0.6778.69-bp155.2.141.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GW7TPS22DZK4SYF2WPZQO6RF5P6FPPAV/ https://www.suse.com/security/cve/CVE-2024-11116.html CVE-2024-11116 https://bugzilla.suse.com/1233311 SUSE Bug 1233311 Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2024-11117 SUSE Package Hub 15 SP5:chromedriver-131.0.6778.69-bp155.2.141.1 SUSE Package Hub 15 SP5:chromium-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromedriver-131.0.6778.69-bp155.2.141.1 openSUSE Leap 15.5:chromium-131.0.6778.69-bp155.2.141.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GW7TPS22DZK4SYF2WPZQO6RF5P6FPPAV/ https://www.suse.com/security/cve/CVE-2024-11117.html CVE-2024-11117 https://bugzilla.suse.com/1233311 SUSE Bug 1233311