chromedriver-95.0.4638.69-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11604 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-95.0.4638.69-1.1 on GA media These are all security issues fixed in the chromedriver-95.0.4638.69-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11604 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11604 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-37997/ SUSE CVE CVE-2021-37997 page https://www.suse.com/security/cve/CVE-2021-37998/ SUSE CVE CVE-2021-37998 page https://www.suse.com/security/cve/CVE-2021-37999/ SUSE CVE CVE-2021-37999 page https://www.suse.com/security/cve/CVE-2021-38000/ SUSE CVE CVE-2021-38000 page https://www.suse.com/security/cve/CVE-2021-38001/ SUSE CVE CVE-2021-38001 page https://www.suse.com/security/cve/CVE-2021-38002/ SUSE CVE CVE-2021-38002 page https://www.suse.com/security/cve/CVE-2021-38003/ SUSE CVE CVE-2021-38003 page openSUSE Tumbleweed chromedriver-95.0.4638.69-1.1 chromium-95.0.4638.69-1.1 chromedriver-95.0.4638.69-1.1 as a component of openSUSE Tumbleweed chromium-95.0.4638.69-1.1 as a component of openSUSE Tumbleweed Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37997 openSUSE Tumbleweed:chromedriver-95.0.4638.69-1.1 openSUSE Tumbleweed:chromium-95.0.4638.69-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37997.html CVE-2021-37997 https://bugzilla.suse.com/1192184 SUSE Bug 1192184 Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37998 openSUSE Tumbleweed:chromedriver-95.0.4638.69-1.1 openSUSE Tumbleweed:chromium-95.0.4638.69-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37998.html CVE-2021-37998 https://bugzilla.suse.com/1192184 SUSE Bug 1192184 Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. CVE-2021-37999 openSUSE Tumbleweed:chromedriver-95.0.4638.69-1.1 openSUSE Tumbleweed:chromium-95.0.4638.69-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-37999.html CVE-2021-37999 https://bugzilla.suse.com/1192184 SUSE Bug 1192184 Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. CVE-2021-38000 openSUSE Tumbleweed:chromedriver-95.0.4638.69-1.1 openSUSE Tumbleweed:chromium-95.0.4638.69-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-38000.html CVE-2021-38000 https://bugzilla.suse.com/1192184 SUSE Bug 1192184 Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-38001 openSUSE Tumbleweed:chromedriver-95.0.4638.69-1.1 openSUSE Tumbleweed:chromium-95.0.4638.69-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-38001.html CVE-2021-38001 https://bugzilla.suse.com/1192184 SUSE Bug 1192184 Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-38002 openSUSE Tumbleweed:chromedriver-95.0.4638.69-1.1 openSUSE Tumbleweed:chromium-95.0.4638.69-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-38002.html CVE-2021-38002 https://bugzilla.suse.com/1192184 SUSE Bug 1192184 Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-38003 openSUSE Tumbleweed:chromedriver-95.0.4638.69-1.1 openSUSE Tumbleweed:chromium-95.0.4638.69-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-38003.html CVE-2021-38003 https://bugzilla.suse.com/1192184 SUSE Bug 1192184