Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2023:0082-1 Final 1 1 2023-03-27T11:03:36Z current 2023-03-27T11:03:36Z 2023-03-27T11:03:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium 111.0.5563.110 (boo#1209598) * CVE-2023-1528: Use after free in Passwords * CVE-2023-1529: Out of bounds memory access in WebHID * CVE-2023-1530: Use after free in PDF * CVE-2023-1531: Use after free in ANGLE * CVE-2023-1532: Out of bounds read in GPU Video * CVE-2023-1533: Use after free in WebProtect * CVE-2023-1534: Out of bounds read in ANGLE The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2023-82 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/ E-Mail link for openSUSE-SU-2023:0082-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1209598 SUSE Bug 1209598 https://www.suse.com/security/cve/CVE-2023-1528/ SUSE CVE CVE-2023-1528 page https://www.suse.com/security/cve/CVE-2023-1529/ SUSE CVE CVE-2023-1529 page https://www.suse.com/security/cve/CVE-2023-1530/ SUSE CVE CVE-2023-1530 page https://www.suse.com/security/cve/CVE-2023-1531/ SUSE CVE CVE-2023-1531 page https://www.suse.com/security/cve/CVE-2023-1532/ SUSE CVE CVE-2023-1532 page https://www.suse.com/security/cve/CVE-2023-1533/ SUSE CVE CVE-2023-1533 page https://www.suse.com/security/cve/CVE-2023-1534/ SUSE CVE CVE-2023-1534 page SUSE Package Hub 15 SP4 openSUSE Leap 15.4 chromedriver-111.0.5563.110-bp154.2.76.1 chromium-111.0.5563.110-bp154.2.76.1 chromedriver-111.0.5563.110-bp154.2.76.1 as a component of SUSE Package Hub 15 SP4 chromium-111.0.5563.110-bp154.2.76.1 as a component of SUSE Package Hub 15 SP4 chromedriver-111.0.5563.110-bp154.2.76.1 as a component of openSUSE Leap 15.4 chromium-111.0.5563.110-bp154.2.76.1 as a component of openSUSE Leap 15.4 Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1528 SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1 SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/ https://www.suse.com/security/cve/CVE-2023-1528.html CVE-2023-1528 https://bugzilla.suse.com/1209598 SUSE Bug 1209598 Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) CVE-2023-1529 SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1 SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/ https://www.suse.com/security/cve/CVE-2023-1529.html CVE-2023-1529 https://bugzilla.suse.com/1209598 SUSE Bug 1209598 Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1530 SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1 SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/ https://www.suse.com/security/cve/CVE-2023-1530.html CVE-2023-1530 https://bugzilla.suse.com/1209598 SUSE Bug 1209598 Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1531 SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1 SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/ https://www.suse.com/security/cve/CVE-2023-1531.html CVE-2023-1531 https://bugzilla.suse.com/1209598 SUSE Bug 1209598 Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1532 SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1 SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/ https://www.suse.com/security/cve/CVE-2023-1532.html CVE-2023-1532 https://bugzilla.suse.com/1209598 SUSE Bug 1209598 Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1533 SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1 SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/ https://www.suse.com/security/cve/CVE-2023-1533.html CVE-2023-1533 https://bugzilla.suse.com/1209598 SUSE Bug 1209598 Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1534 SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1 SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1 openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/ https://www.suse.com/security/cve/CVE-2023-1534.html CVE-2023-1534 https://bugzilla.suse.com/1209598 SUSE Bug 1209598