chromedriver-111.0.5563.64-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12775-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-111.0.5563.64-2.1 on GA media These are all security issues fixed in the chromedriver-111.0.5563.64-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12775 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-1213/ SUSE CVE CVE-2023-1213 page https://www.suse.com/security/cve/CVE-2023-1214/ SUSE CVE CVE-2023-1214 page https://www.suse.com/security/cve/CVE-2023-1215/ SUSE CVE CVE-2023-1215 page https://www.suse.com/security/cve/CVE-2023-1216/ SUSE CVE CVE-2023-1216 page https://www.suse.com/security/cve/CVE-2023-1217/ SUSE CVE CVE-2023-1217 page https://www.suse.com/security/cve/CVE-2023-1218/ SUSE CVE CVE-2023-1218 page https://www.suse.com/security/cve/CVE-2023-1219/ SUSE CVE CVE-2023-1219 page https://www.suse.com/security/cve/CVE-2023-1220/ SUSE CVE CVE-2023-1220 page https://www.suse.com/security/cve/CVE-2023-1221/ SUSE CVE CVE-2023-1221 page https://www.suse.com/security/cve/CVE-2023-1222/ SUSE CVE CVE-2023-1222 page https://www.suse.com/security/cve/CVE-2023-1223/ SUSE CVE CVE-2023-1223 page https://www.suse.com/security/cve/CVE-2023-1224/ SUSE CVE CVE-2023-1224 page https://www.suse.com/security/cve/CVE-2023-1225/ SUSE CVE CVE-2023-1225 page https://www.suse.com/security/cve/CVE-2023-1226/ SUSE CVE CVE-2023-1226 page https://www.suse.com/security/cve/CVE-2023-1227/ SUSE CVE CVE-2023-1227 page https://www.suse.com/security/cve/CVE-2023-1228/ SUSE CVE CVE-2023-1228 page https://www.suse.com/security/cve/CVE-2023-1229/ SUSE CVE CVE-2023-1229 page https://www.suse.com/security/cve/CVE-2023-1230/ SUSE CVE CVE-2023-1230 page https://www.suse.com/security/cve/CVE-2023-1231/ SUSE CVE CVE-2023-1231 page https://www.suse.com/security/cve/CVE-2023-1232/ SUSE CVE CVE-2023-1232 page https://www.suse.com/security/cve/CVE-2023-1233/ SUSE CVE CVE-2023-1233 page https://www.suse.com/security/cve/CVE-2023-1234/ SUSE CVE CVE-2023-1234 page https://www.suse.com/security/cve/CVE-2023-1235/ SUSE CVE CVE-2023-1235 page https://www.suse.com/security/cve/CVE-2023-1236/ SUSE CVE CVE-2023-1236 page openSUSE Tumbleweed chromedriver-111.0.5563.64-2.1 chromium-111.0.5563.64-2.1 chromedriver-111.0.5563.64-2.1 as a component of openSUSE Tumbleweed chromium-111.0.5563.64-2.1 as a component of openSUSE Tumbleweed Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1213 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1213.html CVE-2023-1213 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1214 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1214.html CVE-2023-1214 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1215 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1215.html CVE-2023-1215 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1216 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1216.html CVE-2023-1216 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) CVE-2023-1217 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1217.html CVE-2023-1217 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1218 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1218.html CVE-2023-1218 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1219 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1219.html CVE-2023-1219 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1220 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1220.html CVE-2023-1220 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) CVE-2023-1221 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1221.html CVE-2023-1221 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1222 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1222.html CVE-2023-1222 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1223 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1223.html CVE-2023-1223 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1224 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1224.html CVE-2023-1224 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1225 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1225.html CVE-2023-1225 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1226 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1226.html CVE-2023-1226 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) CVE-2023-1227 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1227.html CVE-2023-1227 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1228 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1228.html CVE-2023-1228 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1229 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1229.html CVE-2023-1229 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1230 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1230.html CVE-2023-1230 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1231 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1231.html CVE-2023-1231 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) CVE-2023-1232 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1232.html CVE-2023-1232 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) CVE-2023-1233 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1233.html CVE-2023-1233 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2023-1234 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1234.html CVE-2023-1234 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) CVE-2023-1235 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1235.html CVE-2023-1235 https://bugzilla.suse.com/1209040 SUSE Bug 1209040 Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) CVE-2023-1236 openSUSE Tumbleweed:chromedriver-111.0.5563.64-2.1 openSUSE Tumbleweed:chromium-111.0.5563.64-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-1236.html CVE-2023-1236 https://bugzilla.suse.com/1209040 SUSE Bug 1209040