chromedriver-127.0.6533.119-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14272-1 Final 1 1 2024-08-18T00:00:00Z current 2024-08-18T00:00:00Z 2024-08-18T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-127.0.6533.119-1.1 on GA media These are all security issues fixed in the chromedriver-127.0.6533.119-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14272 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-6988/ SUSE CVE CVE-2024-6988 page https://www.suse.com/security/cve/CVE-2024-6989/ SUSE CVE CVE-2024-6989 page https://www.suse.com/security/cve/CVE-2024-6990/ SUSE CVE CVE-2024-6990 page https://www.suse.com/security/cve/CVE-2024-6991/ SUSE CVE CVE-2024-6991 page https://www.suse.com/security/cve/CVE-2024-6992/ SUSE CVE CVE-2024-6992 page https://www.suse.com/security/cve/CVE-2024-6993/ SUSE CVE CVE-2024-6993 page https://www.suse.com/security/cve/CVE-2024-6994/ SUSE CVE CVE-2024-6994 page https://www.suse.com/security/cve/CVE-2024-6995/ SUSE CVE CVE-2024-6995 page https://www.suse.com/security/cve/CVE-2024-6996/ SUSE CVE CVE-2024-6996 page https://www.suse.com/security/cve/CVE-2024-6997/ SUSE CVE CVE-2024-6997 page https://www.suse.com/security/cve/CVE-2024-6998/ SUSE CVE CVE-2024-6998 page https://www.suse.com/security/cve/CVE-2024-6999/ SUSE CVE CVE-2024-6999 page https://www.suse.com/security/cve/CVE-2024-7000/ SUSE CVE CVE-2024-7000 page https://www.suse.com/security/cve/CVE-2024-7001/ SUSE CVE CVE-2024-7001 page https://www.suse.com/security/cve/CVE-2024-7003/ SUSE CVE CVE-2024-7003 page https://www.suse.com/security/cve/CVE-2024-7004/ SUSE CVE CVE-2024-7004 page https://www.suse.com/security/cve/CVE-2024-7005/ SUSE CVE CVE-2024-7005 page https://www.suse.com/security/cve/CVE-2024-7255/ SUSE CVE CVE-2024-7255 page https://www.suse.com/security/cve/CVE-2024-7256/ SUSE CVE CVE-2024-7256 page https://www.suse.com/security/cve/CVE-2024-7532/ SUSE CVE CVE-2024-7532 page https://www.suse.com/security/cve/CVE-2024-7533/ SUSE CVE CVE-2024-7533 page https://www.suse.com/security/cve/CVE-2024-7534/ SUSE CVE CVE-2024-7534 page https://www.suse.com/security/cve/CVE-2024-7535/ SUSE CVE CVE-2024-7535 page https://www.suse.com/security/cve/CVE-2024-7536/ SUSE CVE CVE-2024-7536 page https://www.suse.com/security/cve/CVE-2024-7550/ SUSE CVE CVE-2024-7550 page openSUSE Tumbleweed chromedriver-127.0.6533.119-1.1 chromium-127.0.6533.119-1.1 chromedriver-127.0.6533.119-1.1 as a component of openSUSE Tumbleweed chromium-127.0.6533.119-1.1 as a component of openSUSE Tumbleweed Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6988 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6988.html CVE-2024-6988 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6989 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6989.html CVE-2024-6989 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) CVE-2024-6990 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6990.html CVE-2024-6990 https://bugzilla.suse.com/1228628 SUSE Bug 1228628 Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6991 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6991.html CVE-2024-6991 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-6992 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6992.html CVE-2024-6992 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2024-6993 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6993.html CVE-2024-6993 Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-6994 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6994.html CVE-2024-6994 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-6995 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6995.html CVE-2024-6995 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-6996 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6996.html CVE-2024-6996 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-6997 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6997.html CVE-2024-6997 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-6998 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6998.html CVE-2024-6998 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-6999 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6999.html CVE-2024-6999 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-7000 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7000.html CVE-2024-7000 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-7001 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7001.html CVE-2024-7001 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2024-7003 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7003.html CVE-2024-7003 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) CVE-2024-7004 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7004.html CVE-2024-7004 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) CVE-2024-7005 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7005.html CVE-2024-7005 https://bugzilla.suse.com/1228940 SUSE Bug 1228940 Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-7255 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7255.html CVE-2024-7255 https://bugzilla.suse.com/1228628 SUSE Bug 1228628 Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) CVE-2024-7256 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7256.html CVE-2024-7256 https://bugzilla.suse.com/1228628 SUSE Bug 1228628 Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) CVE-2024-7532 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7532.html CVE-2024-7532 https://bugzilla.suse.com/1228941 SUSE Bug 1228941 Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7533 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7533.html CVE-2024-7533 https://bugzilla.suse.com/1228941 SUSE Bug 1228941 Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7534 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7534.html CVE-2024-7534 https://bugzilla.suse.com/1228941 SUSE Bug 1228941 Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7535 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7535.html CVE-2024-7535 https://bugzilla.suse.com/1228941 SUSE Bug 1228941 Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7536 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7536.html CVE-2024-7536 https://bugzilla.suse.com/1228941 SUSE Bug 1228941 Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-7550 openSUSE Tumbleweed:chromedriver-127.0.6533.119-1.1 openSUSE Tumbleweed:chromium-127.0.6533.119-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-7550.html CVE-2024-7550 https://bugzilla.suse.com/1228941 SUSE Bug 1228941