openSUSE-SU-2023:0117-1: important: Security update for chromium
openSUSE Security Update: Security update for chromium
_______________________________
Announcement ID: openSUSE-SU-2023:0117-1
Rating: important
References: #1211036 #1211211 #1211442
Cross-References: CVE-2023-2459 CVE-2023-2460 CVE-2023-2461
CVE-2023-2462 CVE-2023-2463 CVE-2023-2464
CVE-2023-2465 CVE-2023-2466 CVE-2023-2467
CVE-2023-2468 CVE-2023-2721 CVE-2023-2722
CVE-2023-2723 CVE-2023-2724 CVE-2023-2725
CVE-2023-2726
CVSS scores:
CVE-2023-2459 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-2460 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CVE-2023-2461 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-2462 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-2463 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-2464 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-2465 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2023-2466 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-2467 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-2468 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-2721 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-2722 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-2723 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-2724 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-2725 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-2726 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
_______________________________
An update that fixes 16 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- build with llvm15 on Leap
- Chromium 113.0.5672.126 (boo#1211442):
* CVE-2023-2721: Use after free in Navigation
* CVE-2023-2722: Use after free in Autofill UI
* CVE-2023-2723: Use after free in DevTools
* CVE-2023-2724: Type Confusion in V8
* CVE-2023-2725: Use after free in Guest View
* CVE-2023-2726: Inappropriate implementation in WebApp Installs
* Various fixes from internal audits, fuzzing and other initiatives
- Chromium 113.0.5672.92 (boo#1211211)
- Multiple security fixes (boo#1211036):
* CVE-2023-2459: Inappropriate implementation in Prompts
* CVE-2023-2460: Insufficient validation of untrusted input in Extensions
* CVE-2023-2461: Use after free in OS Inputs
* CVE-2023-2462: Inappropriate implementation in Prompts
* CVE-2023-2463: Inappropriate implementation in Full Screen Mode
* CVE-2023-2464: Inappropriate implementation in PictureInPicture
* CVE-2023-2465: Inappropriate implementation in CORS
* CVE-2023-2466: Inappropriate implementation in Prompts
* CVE-2023-2467: Inappropriate implementation in Prompts
* CVE-2023-2468: Inappropriate implementation in PictureInPicture
Patch Instructions:
To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-117=1
Package List:
- openSUSE Backports SLE-15-SP4 (x86_64):
chromedriver-113.0.5672.126-bp154.2.87.1
chromium-113.0.5672.126-bp154.2.87.1
References:
https://www.suse.com/security/cve/CVE-2023-2459.html
https://www.suse.com/security/cve/CVE-2023-2460.html
https://www.suse.com/security/cve/CVE-2023-2461.html
https://www.suse.com/security/cve/CVE-2023-2462.html
https://www.suse.com/security/cve/CVE-2023-2463.html
https://www.suse.com/security/cve/CVE-2023-2464.html
https://www.suse.com/security/cve/CVE-2023-2465.html
https://www.suse.com/security/cve/CVE-2023-2466.html
https://www.suse.com/security/cve/CVE-2023-2467.html
https://www.suse.com/security/cve/CVE-2023-2468.html
https://www.suse.com/security/cve/CVE-2023-2721.html
https://www.suse.com/security/cve/CVE-2023-2722.html
https://www.suse.com/security/cve/CVE-2023-2723.html
https://www.suse.com/security/cve/CVE-2023-2724.html
https://www.suse.com/security/cve/CVE-2023-2725.html
https://www.suse.com/security/cve/CVE-2023-2726.html
https://bugzilla.suse.com/1211036
https://bugzilla.suse.com/1211211
https://bugzilla.suse.com/1211442
A chromium security update has been released for SUSE Linux Enterprise 15 SP4.