{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"126.0.6478.126-bp156.2.6.1","chromium":"126.0.6478.126-bp156.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"126.0.6478.126-bp156.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"126.0.6478.126-bp156.2.6.1","chromium":"126.0.6478.126-bp156.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP6","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"126.0.6478.126-bp156.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"126.0.6478.126-bp156.2.6.1","chromium":"126.0.6478.126-bp156.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"chromium","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"126.0.6478.126-bp156.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"126.0.6478.126-bp156.2.6.1","chromium":"126.0.6478.126-bp156.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"chromium","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"126.0.6478.126-bp156.2.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium fixes the following issues:\n\nChromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933)\n\n  * CVE-2024-6290: Use after free in Dawn\n  * CVE-2024-6291: Use after free in Swiftshader\n  * CVE-2024-6292: Use after free in Dawn\n  * CVE-2024-6293: Use after free in Dawn\n  * CVE-2024-6100: Type Confusion in V8\n  * CVE-2024-6101: Inappropriate implementation in WebAssembly\n  * CVE-2024-6102: Out of bounds memory access in Dawn\n  * CVE-2024-6103: Use after free in Dawn\n  * CVE-2024-5830: Type Confusion in V8\n  * CVE-2024-5831: Use after free in Dawn\n  * CVE-2024-5832: Use after free in Dawn\n  * CVE-2024-5833: Type Confusion in V8\n  * CVE-2024-5834: Inappropriate implementation in Dawn\n  * CVE-2024-5835: Heap buffer overflow in Tab Groups\n  * CVE-2024-5836: Inappropriate Implementation in DevTools\n  * CVE-2024-5837: Type Confusion in V8\n  * CVE-2024-5838: Type Confusion in V8\n  * CVE-2024-5839: Inappropriate Implementation in Memory Allocator\n  * CVE-2024-5840: Policy Bypass in CORS\n  * CVE-2024-5841: Use after free in V8\n  * CVE-2024-5842: Use after free in Browser UI\n  * CVE-2024-5843: Inappropriate implementation in Downloads\n  * CVE-2024-5844: Heap buffer overflow in Tab Strip\n  * CVE-2024-5845: Use after free in Audio\n  * CVE-2024-5846: Use after free in PDFium\n  * CVE-2024-5847: Use after free in PDFium\n\n- Amend fix_building_widevinecdm_with_chromium.patch to allow\n  Widevine on ARM64 (boo#1226170)\n","id":"openSUSE-SU-2024:0204-1","modified":"2024-07-18T18:10:25Z","published":"2024-07-18T18:10:25Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M5T6NMGYYELQHJOU75BSCQDFQVQRR5I7/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226170"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226205"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226504"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226933"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5830"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5831"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5832"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5833"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5834"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5835"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5836"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5837"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5838"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5839"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5841"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5842"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5843"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5844"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5845"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5846"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-5847"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6100"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6102"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6103"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6291"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6292"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6293"}],"related":["CVE-2024-5830","CVE-2024-5831","CVE-2024-5832","CVE-2024-5833","CVE-2024-5834","CVE-2024-5835","CVE-2024-5836","CVE-2024-5837","CVE-2024-5838","CVE-2024-5839","CVE-2024-5840","CVE-2024-5841","CVE-2024-5842","CVE-2024-5843","CVE-2024-5844","CVE-2024-5845","CVE-2024-5846","CVE-2024-5847","CVE-2024-6100","CVE-2024-6101","CVE-2024-6102","CVE-2024-6103","CVE-2024-6290","CVE-2024-6291","CVE-2024-6292","CVE-2024-6293"],"summary":"Security update for chromium","upstream":["CVE-2024-5830","CVE-2024-5831","CVE-2024-5832","CVE-2024-5833","CVE-2024-5834","CVE-2024-5835","CVE-2024-5836","CVE-2024-5837","CVE-2024-5838","CVE-2024-5839","CVE-2024-5840","CVE-2024-5841","CVE-2024-5842","CVE-2024-5843","CVE-2024-5844","CVE-2024-5845","CVE-2024-5846","CVE-2024-5847","CVE-2024-6100","CVE-2024-6101","CVE-2024-6102","CVE-2024-6103","CVE-2024-6290","CVE-2024-6291","CVE-2024-6292","CVE-2024-6293"]}