chromedriver-121.0.6167.184-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13758 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-121.0.6167.184-1.1 on GA media These are all security issues fixed in the chromedriver-121.0.6167.184-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13758 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13758 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-0804/ SUSE CVE CVE-2024-0804 page https://www.suse.com/security/cve/CVE-2024-0805/ SUSE CVE CVE-2024-0805 page https://www.suse.com/security/cve/CVE-2024-0806/ SUSE CVE CVE-2024-0806 page https://www.suse.com/security/cve/CVE-2024-0807/ SUSE CVE CVE-2024-0807 page https://www.suse.com/security/cve/CVE-2024-0808/ SUSE CVE CVE-2024-0808 page https://www.suse.com/security/cve/CVE-2024-0809/ SUSE CVE CVE-2024-0809 page https://www.suse.com/security/cve/CVE-2024-0810/ SUSE CVE CVE-2024-0810 page https://www.suse.com/security/cve/CVE-2024-0811/ SUSE CVE CVE-2024-0811 page https://www.suse.com/security/cve/CVE-2024-0812/ SUSE CVE CVE-2024-0812 page https://www.suse.com/security/cve/CVE-2024-0813/ SUSE CVE CVE-2024-0813 page https://www.suse.com/security/cve/CVE-2024-0814/ SUSE CVE CVE-2024-0814 page https://www.suse.com/security/cve/CVE-2024-1059/ SUSE CVE CVE-2024-1059 page https://www.suse.com/security/cve/CVE-2024-1060/ SUSE CVE CVE-2024-1060 page https://www.suse.com/security/cve/CVE-2024-1077/ SUSE CVE CVE-2024-1077 page https://www.suse.com/security/cve/CVE-2024-1283/ SUSE CVE CVE-2024-1283 page https://www.suse.com/security/cve/CVE-2024-1284/ SUSE CVE CVE-2024-1284 page openSUSE Tumbleweed chromedriver-121.0.6167.184-1.1 chromium-121.0.6167.184-1.1 chromedriver-121.0.6167.184-1.1 as a component of openSUSE Tumbleweed chromium-121.0.6167.184-1.1 as a component of openSUSE Tumbleweed Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-0804 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0804.html CVE-2024-0804 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) CVE-2024-0805 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0805.html CVE-2024-0805 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) CVE-2024-0806 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0806.html CVE-2024-0806 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-0807 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0807.html CVE-2024-0807 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) CVE-2024-0808 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0808.html CVE-2024-0808 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2024-0809 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0809.html CVE-2024-0809 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) CVE-2024-0810 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0810.html CVE-2024-0810 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) CVE-2024-0811 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0811.html CVE-2024-0811 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-0812 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0812.html CVE-2024-0812 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) CVE-2024-0813 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0813.html CVE-2024-0813 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-0814 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-0814.html CVE-2024-0814 https://bugzilla.suse.com/1219118 SUSE Bug 1219118 Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-1059 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-1059.html CVE-2024-1059 https://bugzilla.suse.com/1219387 SUSE Bug 1219387 Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-1060 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-1060.html CVE-2024-1060 https://bugzilla.suse.com/1219387 SUSE Bug 1219387 Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) CVE-2024-1077 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-1077.html CVE-2024-1077 https://bugzilla.suse.com/1219387 SUSE Bug 1219387 Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-1283 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-1283.html CVE-2024-1283 https://bugzilla.suse.com/1219661 SUSE Bug 1219661 Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-1284 openSUSE Tumbleweed:chromedriver-121.0.6167.184-1.1 openSUSE Tumbleweed:chromium-121.0.6167.184-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-1284.html CVE-2024-1284 https://bugzilla.suse.com/1219661 SUSE Bug 1219661