openSUSE-SU-2023:0068-1: important: Security update for chromium
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0068-1
Rating: important
References: #1209040
Cross-References: CVE-2023-1213 CVE-2023-1214 CVE-2023-1215
CVE-2023-1216 CVE-2023-1217 CVE-2023-1218
CVE-2023-1219 CVE-2023-1220 CVE-2023-1221
CVE-2023-1222 CVE-2023-1223 CVE-2023-1224
CVE-2023-1225 CVE-2023-1226 CVE-2023-1227
CVE-2023-1228 CVE-2023-1229 CVE-2023-1230
CVE-2023-1231 CVE-2023-1232 CVE-2023-1233
CVE-2023-1234 CVE-2023-1235 CVE-2023-1236
CVSS scores:
CVE-2023-1213 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1214 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1216 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1217 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2023-1218 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1219 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1220 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1221 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1222 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1223 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2023-1224 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1225 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1226 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-1227 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1228 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1229 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1230 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1231 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1232 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2023-1233 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2023-1234 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1235 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2023-1236 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 24 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 111.0.5563.64
* New View Transitions API
* CSS Color Level 4
* New developer tools in style panel for color functionality
* CSS added trigonometric functions, additional root font units and
extended the n-th child pseudo selector.
* previousslide and nextslide actions are now part of the Media Session API
* A number of security fixes (boo#1209040)
* CVE-2023-1213: Use after free in Swiftshader
* CVE-2023-1214: Type Confusion in V8
* CVE-2023-1215: Type Confusion in CSS
* CVE-2023-1216: Use after free in DevTools
* CVE-2023-1217: Stack buffer overflow in Crash reporting
* CVE-2023-1218: Use after free in WebRTC
* CVE-2023-1219: Heap buffer overflow in Metrics
* CVE-2023-1220: Heap buffer overflow in UMA
* CVE-2023-1221: Insufficient policy enforcement in Extensions API
* CVE-2023-1222: Heap buffer overflow in Web Audio API
* CVE-2023-1223: Insufficient policy enforcement in Autofill
* CVE-2023-1224: Insufficient policy enforcement in Web Payments API
* CVE-2023-1225: Insufficient policy enforcement in Navigation
* CVE-2023-1226: Insufficient policy enforcement in Web Payments API
* CVE-2023-1227: Use after free in Core
* CVE-2023-1228: Insufficient policy enforcement in Intents
* CVE-2023-1229: Inappropriate implementation in Permission prompts
* CVE-2023-1230: Inappropriate implementation in WebApp Installs
* CVE-2023-1231: Inappropriate implementation in Autofill
* CVE-2023-1232: Insufficient policy enforcement in Resource Timing
* CVE-2023-1233: Insufficient policy enforcement in Resource Timing
* CVE-2023-1234: Inappropriate implementation in Intents
* CVE-2023-1235: Type Confusion in DevTools
* CVE-2023-1236: Inappropriate implementation in Internals
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-68=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-111.0.5563.64-bp154.2.73.1
chromium-111.0.5563.64-bp154.2.73.1
References:
https://www.suse.com/security/cve/CVE-2023-1213.html
https://www.suse.com/security/cve/CVE-2023-1214.html
https://www.suse.com/security/cve/CVE-2023-1215.html
https://www.suse.com/security/cve/CVE-2023-1216.html
https://www.suse.com/security/cve/CVE-2023-1217.html
https://www.suse.com/security/cve/CVE-2023-1218.html
https://www.suse.com/security/cve/CVE-2023-1219.html
https://www.suse.com/security/cve/CVE-2023-1220.html
https://www.suse.com/security/cve/CVE-2023-1221.html
https://www.suse.com/security/cve/CVE-2023-1222.html
https://www.suse.com/security/cve/CVE-2023-1223.html
https://www.suse.com/security/cve/CVE-2023-1224.html
https://www.suse.com/security/cve/CVE-2023-1225.html
https://www.suse.com/security/cve/CVE-2023-1226.html
https://www.suse.com/security/cve/CVE-2023-1227.html
https://www.suse.com/security/cve/CVE-2023-1228.html
https://www.suse.com/security/cve/CVE-2023-1229.html
https://www.suse.com/security/cve/CVE-2023-1230.html
https://www.suse.com/security/cve/CVE-2023-1231.html
https://www.suse.com/security/cve/CVE-2023-1232.html
https://www.suse.com/security/cve/CVE-2023-1233.html
https://www.suse.com/security/cve/CVE-2023-1234.html
https://www.suse.com/security/cve/CVE-2023-1235.html
https://www.suse.com/security/cve/CVE-2023-1236.html
https://bugzilla.suse.com/1209040
A chromium security update has been released for SUSE Linux Enterprise 15 SP4.
