ungoogled-chromium-119.0.6045.123-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13423 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ungoogled-chromium-119.0.6045.123-1.1 on GA media These are all security issues fixed in the ungoogled-chromium-119.0.6045.123-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13423 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13423 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-5480/ SUSE CVE CVE-2023-5480 page https://www.suse.com/security/cve/CVE-2023-5482/ SUSE CVE CVE-2023-5482 page https://www.suse.com/security/cve/CVE-2023-5849/ SUSE CVE CVE-2023-5849 page https://www.suse.com/security/cve/CVE-2023-5850/ SUSE CVE CVE-2023-5850 page https://www.suse.com/security/cve/CVE-2023-5851/ SUSE CVE CVE-2023-5851 page https://www.suse.com/security/cve/CVE-2023-5852/ SUSE CVE CVE-2023-5852 page https://www.suse.com/security/cve/CVE-2023-5853/ SUSE CVE CVE-2023-5853 page https://www.suse.com/security/cve/CVE-2023-5854/ SUSE CVE CVE-2023-5854 page https://www.suse.com/security/cve/CVE-2023-5855/ SUSE CVE CVE-2023-5855 page https://www.suse.com/security/cve/CVE-2023-5856/ SUSE CVE CVE-2023-5856 page https://www.suse.com/security/cve/CVE-2023-5857/ SUSE CVE CVE-2023-5857 page https://www.suse.com/security/cve/CVE-2023-5858/ SUSE CVE CVE-2023-5858 page https://www.suse.com/security/cve/CVE-2023-5859/ SUSE CVE CVE-2023-5859 page https://www.suse.com/security/cve/CVE-2023-5996/ SUSE CVE CVE-2023-5996 page openSUSE Tumbleweed ungoogled-chromium-119.0.6045.123-1.1 ungoogled-chromium-chromedriver-119.0.6045.123-1.1 ungoogled-chromium-119.0.6045.123-1.1 as a component of openSUSE Tumbleweed ungoogled-chromium-chromedriver-119.0.6045.123-1.1 as a component of openSUSE Tumbleweed Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) CVE-2023-5480 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5480.html CVE-2023-5480 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2023-5482 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5482.html CVE-2023-5482 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-5849 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5849.html CVE-2023-5849 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) CVE-2023-5850 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5850.html CVE-2023-5850 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-5851 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5851.html CVE-2023-5851 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) CVE-2023-5852 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5852.html CVE-2023-5852 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-5853 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5853.html CVE-2023-5853 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) CVE-2023-5854 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5854.html CVE-2023-5854 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) CVE-2023-5855 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5855.html CVE-2023-5855 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-5856 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5856.html CVE-2023-5856 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) CVE-2023-5857 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5857.html CVE-2023-5857 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) CVE-2023-5858 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5858.html CVE-2023-5858 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) CVE-2023-5859 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5859.html CVE-2023-5859 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-5996 openSUSE Tumbleweed:ungoogled-chromium-119.0.6045.123-1.1 openSUSE Tumbleweed:ungoogled-chromium-chromedriver-119.0.6045.123-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5996.html CVE-2023-5996 https://bugzilla.suse.com/1216978 SUSE Bug 1216978