Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2023:0237-1 Final 1 1 2023-08-28T15:17:03Z current 2023-08-28T15:17:03Z 2023-08-28T15:17:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium 116.0.5845.110 (boo#1214487): * CVE-2023-4427: Out of bounds memory access in V8 * CVE-2023-4428: Out of bounds memory access in CSS * CVE-2023-4429: Use after free in Loader * CVE-2023-4430: Use after free in Vulkan * CVE-2023-4431: Out of bounds memory access in Fonts The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2023-237 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H37YYMY3746JCGEKWXZITPFMBMSHFECF/ E-Mail link for openSUSE-SU-2023:0237-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1214487 SUSE Bug 1214487 https://www.suse.com/security/cve/CVE-2023-4427/ SUSE CVE CVE-2023-4427 page https://www.suse.com/security/cve/CVE-2023-4428/ SUSE CVE CVE-2023-4428 page https://www.suse.com/security/cve/CVE-2023-4429/ SUSE CVE CVE-2023-4429 page https://www.suse.com/security/cve/CVE-2023-4430/ SUSE CVE CVE-2023-4430 page https://www.suse.com/security/cve/CVE-2023-4431/ SUSE CVE CVE-2023-4431 page SUSE Package Hub 15 SP4 SUSE Package Hub 15 SP5 openSUSE Leap 15.4 openSUSE Leap 15.5 chromedriver-116.0.5845.110-bp155.2.22.1 chromium-116.0.5845.110-bp155.2.22.1 chromedriver-116.0.5845.110-bp155.2.22.1 as a component of SUSE Package Hub 15 SP4 chromium-116.0.5845.110-bp155.2.22.1 as a component of SUSE Package Hub 15 SP4 chromedriver-116.0.5845.110-bp155.2.22.1 as a component of SUSE Package Hub 15 SP5 chromium-116.0.5845.110-bp155.2.22.1 as a component of SUSE Package Hub 15 SP5 chromedriver-116.0.5845.110-bp155.2.22.1 as a component of openSUSE Leap 15.4 chromium-116.0.5845.110-bp155.2.22.1 as a component of openSUSE Leap 15.4 chromedriver-116.0.5845.110-bp155.2.22.1 as a component of openSUSE Leap 15.5 chromium-116.0.5845.110-bp155.2.22.1 as a component of openSUSE Leap 15.5 Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) CVE-2023-4427 SUSE Package Hub 15 SP4:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP4:chromium-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromium-116.0.5845.110-bp155.2.22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H37YYMY3746JCGEKWXZITPFMBMSHFECF/ https://www.suse.com/security/cve/CVE-2023-4427.html CVE-2023-4427 https://bugzilla.suse.com/1214487 SUSE Bug 1214487 Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) CVE-2023-4428 SUSE Package Hub 15 SP4:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP4:chromium-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromium-116.0.5845.110-bp155.2.22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H37YYMY3746JCGEKWXZITPFMBMSHFECF/ https://www.suse.com/security/cve/CVE-2023-4428.html CVE-2023-4428 https://bugzilla.suse.com/1214487 SUSE Bug 1214487 Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-4429 SUSE Package Hub 15 SP4:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP4:chromium-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromium-116.0.5845.110-bp155.2.22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H37YYMY3746JCGEKWXZITPFMBMSHFECF/ https://www.suse.com/security/cve/CVE-2023-4429.html CVE-2023-4429 https://bugzilla.suse.com/1214487 SUSE Bug 1214487 Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-4430 SUSE Package Hub 15 SP4:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP4:chromium-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromium-116.0.5845.110-bp155.2.22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H37YYMY3746JCGEKWXZITPFMBMSHFECF/ https://www.suse.com/security/cve/CVE-2023-4430.html CVE-2023-4430 https://bugzilla.suse.com/1214487 SUSE Bug 1214487 Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-4431 SUSE Package Hub 15 SP4:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP4:chromium-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromedriver-116.0.5845.110-bp155.2.22.1 SUSE Package Hub 15 SP5:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.4:chromium-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromedriver-116.0.5845.110-bp155.2.22.1 openSUSE Leap 15.5:chromium-116.0.5845.110-bp155.2.22.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H37YYMY3746JCGEKWXZITPFMBMSHFECF/ https://www.suse.com/security/cve/CVE-2023-4431.html CVE-2023-4431 https://bugzilla.suse.com/1214487 SUSE Bug 1214487