
A chromium security update has been released for SUSE Linux Enterprise 15 SP5:

openSUSE-SU-2024:0204-1: important: Security update for chromium






openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2024:0204-1
Rating: important
References: #1226170 #1226205 #1226504 #1226933
Cross-References: CVE-2024-5830 CVE-2024-5831 CVE-2024-5832
                  CVE-2024-5833 CVE-2024-5834 CVE-2024-5835
                  CVE-2024-5836 CVE-2024-5837 CVE-2024-5838
                  CVE-2024-5839 CVE-2024-5840 CVE-2024-5841
                  CVE-2024-5842 CVE-2024-5843 CVE-2024-5844
                  CVE-2024-5845 CVE-2024-5846 CVE-2024-5847
                  CVE-2024-6100 CVE-2024-6101 CVE-2024-6102
                  CVE-2024-6103 CVE-2024-6290 CVE-2024-6291
                  CVE-2024-6292 CVE-2024-6293
CVSS scores:
CVE-2024-5830 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5831 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5832 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5833 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5834 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5835 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5836 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5837 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5838 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5839 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2024-5840 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2024-5841 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5842 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5843 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2024-5844 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5845 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5846 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-5847 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6100 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6101 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6102 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6103 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________

An update that fixes 26 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933)

* CVE-2024-6290: Use after free in Dawn
* CVE-2024-6291: Use after free in Swiftshader
* CVE-2024-6292: Use after free in Dawn
* CVE-2024-6293: Use after free in Dawn
* CVE-2024-6100: Type Confusion in V8
* CVE-2024-6101: Inappropriate implementation in WebAssembly
* CVE-2024-6102: Out of bounds memory access in Dawn
* CVE-2024-6103: Use after free in Dawn
* CVE-2024-5830: Type Confusion in V8
* CVE-2024-5831: Use after free in Dawn
* CVE-2024-5832: Use after free in Dawn
* CVE-2024-5833: Type Confusion in V8
* CVE-2024-5834: Inappropriate implementation in Dawn
* CVE-2024-5835: Heap buffer overflow in Tab Groups
* CVE-2024-5836: Inappropriate Implementation in DevTools
* CVE-2024-5837: Type Confusion in V8
* CVE-2024-5838: Type Confusion in V8
* CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* CVE-2024-5840: Policy Bypass in CORS
* CVE-2024-5841: Use after free in V8
* CVE-2024-5842: Use after free in Browser UI
* CVE-2024-5843: Inappropriate implementation in Downloads
* CVE-2024-5844: Heap buffer overflow in Tab Strip
* CVE-2024-5845: Use after free in Audio
* CVE-2024-5846: Use after free in PDFium
* CVE-2024-5847: Use after free in PDFium

- Amend fix_building_widevinecdm_with_chromium.patch to allow Widevine on ARM64 (boo#1226170)

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods, such as YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-204=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):

chromedriver-126.0.6478.126-bp155.2.94.1
chromium-126.0.6478.126-bp155.2.94.1

References:

https://www.suse.com/security/cve/CVE-2024-5830.html
https://www.suse.com/security/cve/CVE-2024-5831.html
https://www.suse.com/security/cve/CVE-2024-5832.html
https://www.suse.com/security/cve/CVE-2024-5833.html
https://www.suse.com/security/cve/CVE-2024-5834.html
https://www.suse.com/security/cve/CVE-2024-5835.html
https://www.suse.com/security/cve/CVE-2024-5836.html
https://www.suse.com/security/cve/CVE-2024-5837.html
https://www.suse.com/security/cve/CVE-2024-5838.html
https://www.suse.com/security/cve/CVE-2024-5839.html
https://www.suse.com/security/cve/CVE-2024-5840.html
https://www.suse.com/security/cve/CVE-2024-5841.html
https://www.suse.com/security/cve/CVE-2024-5842.html
https://www.suse.com/security/cve/CVE-2024-5843.html
https://www.suse.com/security/cve/CVE-2024-5844.html
https://www.suse.com/security/cve/CVE-2024-5845.html
https://www.suse.com/security/cve/CVE-2024-5846.html
https://www.suse.com/security/cve/CVE-2024-5847.html
https://www.suse.com/security/cve/CVE-2024-6100.html
https://www.suse.com/security/cve/CVE-2024-6101.html
https://www.suse.com/security/cve/CVE-2024-6102.html
https://www.suse.com/security/cve/CVE-2024-6103.html
https://www.suse.com/security/cve/CVE-2024-6290.html
https://www.suse.com/security/cve/CVE-2024-6291.html
https://www.suse.com/security/cve/CVE-2024-6292.html
https://www.suse.com/security/cve/CVE-2024-6293.html
https://bugzilla.suse.com/1226170
https://bugzilla.suse.com/1226205
https://bugzilla.suse.com/1226504
https://bugzilla.suse.com/1226933