chromedriver-126.0.6478.126-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14122-1 Final 1 1 2024-07-12T00:00:00Z current 2024-07-12T00:00:00Z 2024-07-12T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-126.0.6478.126-1.1 on GA media These are all security issues fixed in the chromedriver-126.0.6478.126-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14122 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-5830/ SUSE CVE CVE-2024-5830 page https://www.suse.com/security/cve/CVE-2024-5831/ SUSE CVE CVE-2024-5831 page https://www.suse.com/security/cve/CVE-2024-5832/ SUSE CVE CVE-2024-5832 page https://www.suse.com/security/cve/CVE-2024-5833/ SUSE CVE CVE-2024-5833 page https://www.suse.com/security/cve/CVE-2024-5834/ SUSE CVE CVE-2024-5834 page https://www.suse.com/security/cve/CVE-2024-5835/ SUSE CVE CVE-2024-5835 page https://www.suse.com/security/cve/CVE-2024-5836/ SUSE CVE CVE-2024-5836 page https://www.suse.com/security/cve/CVE-2024-5837/ SUSE CVE CVE-2024-5837 page https://www.suse.com/security/cve/CVE-2024-5838/ SUSE CVE CVE-2024-5838 page https://www.suse.com/security/cve/CVE-2024-5839/ SUSE CVE CVE-2024-5839 page https://www.suse.com/security/cve/CVE-2024-5840/ SUSE CVE CVE-2024-5840 page https://www.suse.com/security/cve/CVE-2024-5841/ SUSE CVE CVE-2024-5841 page https://www.suse.com/security/cve/CVE-2024-5842/ SUSE CVE CVE-2024-5842 page https://www.suse.com/security/cve/CVE-2024-5843/ SUSE CVE CVE-2024-5843 page https://www.suse.com/security/cve/CVE-2024-5844/ SUSE CVE CVE-2024-5844 page https://www.suse.com/security/cve/CVE-2024-5845/ SUSE CVE CVE-2024-5845 page https://www.suse.com/security/cve/CVE-2024-5846/ SUSE CVE CVE-2024-5846 page https://www.suse.com/security/cve/CVE-2024-5847/ SUSE CVE CVE-2024-5847 page https://www.suse.com/security/cve/CVE-2024-6100/ SUSE CVE CVE-2024-6100 page https://www.suse.com/security/cve/CVE-2024-6101/ SUSE CVE CVE-2024-6101 page https://www.suse.com/security/cve/CVE-2024-6102/ SUSE CVE CVE-2024-6102 page https://www.suse.com/security/cve/CVE-2024-6103/ SUSE CVE CVE-2024-6103 page https://www.suse.com/security/cve/CVE-2024-6290/ SUSE CVE CVE-2024-6290 page https://www.suse.com/security/cve/CVE-2024-6291/ SUSE CVE CVE-2024-6291 page https://www.suse.com/security/cve/CVE-2024-6292/ SUSE CVE CVE-2024-6292 page https://www.suse.com/security/cve/CVE-2024-6293/ SUSE CVE CVE-2024-6293 page openSUSE Tumbleweed chromedriver-126.0.6478.126-1.1 chromium-126.0.6478.126-1.1 chromedriver-126.0.6478.126-1.1 as a component of openSUSE Tumbleweed chromium-126.0.6478.126-1.1 as a component of openSUSE Tumbleweed Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) CVE-2024-5830 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5830.html CVE-2024-5830 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5831 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5831.html CVE-2024-5831 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5832 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5832.html CVE-2024-5832 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-5833 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5833.html CVE-2024-5833 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) CVE-2024-5834 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5834.html CVE-2024-5834 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5835 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5835.html CVE-2024-5835 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) CVE-2024-5836 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5836.html CVE-2024-5836 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-5837 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5837.html CVE-2024-5837 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-5838 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5838.html CVE-2024-5838 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5839 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5839.html CVE-2024-5839 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5840 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5840.html CVE-2024-5840 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5841 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5841.html CVE-2024-5841 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5842 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5842.html CVE-2024-5842 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) CVE-2024-5843 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5843.html CVE-2024-5843 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5844 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5844.html CVE-2024-5844 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) CVE-2024-5845 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5845.html CVE-2024-5845 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) CVE-2024-5846 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5846.html CVE-2024-5846 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) CVE-2024-5847 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-5847.html CVE-2024-5847 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) CVE-2024-6100 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6100.html CVE-2024-6100 https://bugzilla.suse.com/1226504 SUSE Bug 1226504 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-6101 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6101.html CVE-2024-6101 https://bugzilla.suse.com/1226504 SUSE Bug 1226504 Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6102 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6102.html CVE-2024-6102 https://bugzilla.suse.com/1226504 SUSE Bug 1226504 Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6103 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6103.html CVE-2024-6103 https://bugzilla.suse.com/1226504 SUSE Bug 1226504 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6290 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6290.html CVE-2024-6290 https://bugzilla.suse.com/1226933 SUSE Bug 1226933 Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6291 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6291.html CVE-2024-6291 https://bugzilla.suse.com/1226933 SUSE Bug 1226933 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6292 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6292.html CVE-2024-6292 https://bugzilla.suse.com/1226933 SUSE Bug 1226933 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6293 openSUSE Tumbleweed:chromedriver-126.0.6478.126-1.1 openSUSE Tumbleweed:chromium-126.0.6478.126-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6293.html CVE-2024-6293 https://bugzilla.suse.com/1226933 SUSE Bug 1226933