chromedriver-109.0.5414.74-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12605 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-109.0.5414.74-1.1 on GA media These are all security issues fixed in the chromedriver-109.0.5414.74-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12605 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12605 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-0128/ SUSE CVE CVE-2023-0128 page https://www.suse.com/security/cve/CVE-2023-0129/ SUSE CVE CVE-2023-0129 page https://www.suse.com/security/cve/CVE-2023-0130/ SUSE CVE CVE-2023-0130 page https://www.suse.com/security/cve/CVE-2023-0131/ SUSE CVE CVE-2023-0131 page https://www.suse.com/security/cve/CVE-2023-0132/ SUSE CVE CVE-2023-0132 page https://www.suse.com/security/cve/CVE-2023-0133/ SUSE CVE CVE-2023-0133 page https://www.suse.com/security/cve/CVE-2023-0134/ SUSE CVE CVE-2023-0134 page https://www.suse.com/security/cve/CVE-2023-0135/ SUSE CVE CVE-2023-0135 page https://www.suse.com/security/cve/CVE-2023-0136/ SUSE CVE CVE-2023-0136 page https://www.suse.com/security/cve/CVE-2023-0137/ SUSE CVE CVE-2023-0137 page https://www.suse.com/security/cve/CVE-2023-0138/ SUSE CVE CVE-2023-0138 page https://www.suse.com/security/cve/CVE-2023-0139/ SUSE CVE CVE-2023-0139 page https://www.suse.com/security/cve/CVE-2023-0140/ SUSE CVE CVE-2023-0140 page https://www.suse.com/security/cve/CVE-2023-0141/ SUSE CVE CVE-2023-0141 page openSUSE Tumbleweed chromedriver-109.0.5414.74-1.1 chromium-109.0.5414.74-1.1 chromedriver-109.0.5414.74-1.1 as a component of openSUSE Tumbleweed chromium-109.0.5414.74-1.1 as a component of openSUSE Tumbleweed Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-0128 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0128.html CVE-2023-0128 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) CVE-2023-0129 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0129.html CVE-2023-0129 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-0130 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0130.html CVE-2023-0130 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-0131 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0131.html CVE-2023-0131 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-0132 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0132.html CVE-2023-0132 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-0133 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0133.html CVE-2023-0133 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) CVE-2023-0134 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0134.html CVE-2023-0134 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) CVE-2023-0135 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0135.html CVE-2023-0135 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-0136 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0136.html CVE-2023-0136 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-0137 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0137.html CVE-2023-0137 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) CVE-2023-0138 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0138.html CVE-2023-0138 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2023-0139 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0139.html CVE-2023-0139 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2023-0140 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0140.html CVE-2023-0140 https://bugzilla.suse.com/1207018 SUSE Bug 1207018 Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CVE-2023-0141 openSUSE Tumbleweed:chromedriver-109.0.5414.74-1.1 openSUSE Tumbleweed:chromium-109.0.5414.74-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0141.html CVE-2023-0141 https://bugzilla.suse.com/1207018 SUSE Bug 1207018