Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2023:0092-1 Final 1 1 2023-04-19T15:21:29Z current 2023-04-19T15:21:29Z 2023-04-19T15:21:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: - Chromium 112.0.5615.121: * CVE-2023-2033: Type Confusion in V8 (boo#1210478) - Chromium 112.0.5615.49 * CSS now supports nesting rules. * The algorithm to set the initial focus on <dialog> elements was updated. * No-op fetch() handlers on service workers are skipped from now on to make navigations faster * The setter for document.domain is now deprecated. * The recorder in devtools can now record with pierce selectors. * Security fixes (boo#1210126): * CVE-2023-1810: Heap buffer overflow in Visuals * CVE-2023-1811: Use after free in Frames * CVE-2023-1812: Out of bounds memory access in DOM Bindings * CVE-2023-1813: Inappropriate implementation in Extensions * CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing * CVE-2023-1815: Use after free in Networking APIs * CVE-2023-1816: Incorrect security UI in Picture In Picture * CVE-2023-1817: Insufficient policy enforcement in Intents * CVE-2023-1818: Use after free in Vulkan * CVE-2023-1819: Out of bounds read in Accessibility * CVE-2023-1820: Heap buffer overflow in Browser History * CVE-2023-1821: Inappropriate implementation in WebShare * CVE-2023-1822: Incorrect security UI in Navigation * CVE-2023-1823: Inappropriate implementation in FedCM - Chromium 111.0.5563.147: * nth-child() validation performance regression for SAP apps The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2023-92 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ E-Mail link for openSUSE-SU-2023:0092-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1210126 SUSE Bug 1210126 https://bugzilla.suse.com/1210478 SUSE Bug 1210478 https://www.suse.com/security/cve/CVE-2023-1810/ SUSE CVE CVE-2023-1810 page https://www.suse.com/security/cve/CVE-2023-1811/ SUSE CVE CVE-2023-1811 page https://www.suse.com/security/cve/CVE-2023-1812/ SUSE CVE CVE-2023-1812 page https://www.suse.com/security/cve/CVE-2023-1813/ SUSE CVE CVE-2023-1813 page https://www.suse.com/security/cve/CVE-2023-1814/ SUSE CVE CVE-2023-1814 page https://www.suse.com/security/cve/CVE-2023-1815/ SUSE CVE CVE-2023-1815 page https://www.suse.com/security/cve/CVE-2023-1816/ SUSE CVE CVE-2023-1816 page https://www.suse.com/security/cve/CVE-2023-1817/ SUSE CVE CVE-2023-1817 page https://www.suse.com/security/cve/CVE-2023-1818/ SUSE CVE CVE-2023-1818 page https://www.suse.com/security/cve/CVE-2023-1819/ SUSE CVE CVE-2023-1819 page https://www.suse.com/security/cve/CVE-2023-1820/ SUSE CVE CVE-2023-1820 page https://www.suse.com/security/cve/CVE-2023-1821/ SUSE CVE CVE-2023-1821 page https://www.suse.com/security/cve/CVE-2023-1822/ SUSE CVE CVE-2023-1822 page https://www.suse.com/security/cve/CVE-2023-1823/ SUSE CVE CVE-2023-1823 page https://www.suse.com/security/cve/CVE-2023-2033/ SUSE CVE CVE-2023-2033 page SUSE Package Hub 15 SP4 openSUSE Leap 15.4 chromedriver-112.0.5615.121-bp154.2.79.1 chromium-112.0.5615.121-bp154.2.79.1 chromedriver-112.0.5615.121-bp154.2.79.1 as a component of SUSE Package Hub 15 SP4 chromium-112.0.5615.121-bp154.2.79.1 as a component of SUSE Package Hub 15 SP4 chromedriver-112.0.5615.121-bp154.2.79.1 as a component of openSUSE Leap 15.4 chromium-112.0.5615.121-bp154.2.79.1 as a component of openSUSE Leap 15.4 Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1810 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1810.html CVE-2023-1810 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-1811 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1811.html CVE-2023-1811 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1812 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1812.html CVE-2023-1812 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1813 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1813.html CVE-2023-1813 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1814 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1814.html CVE-2023-1814 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1815 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1815.html CVE-2023-1815 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1816 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1816.html CVE-2023-1816 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1817 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1817.html CVE-2023-1817 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1818 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1818.html CVE-2023-1818 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1819 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1819.html CVE-2023-1819 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-1820 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1820.html CVE-2023-1820 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) CVE-2023-1821 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1821.html CVE-2023-1821 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) CVE-2023-1822 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1822.html CVE-2023-1822 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) CVE-2023-1823 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-1823.html CVE-2023-1823 https://bugzilla.suse.com/1210126 SUSE Bug 1210126 Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-2033 SUSE Package Hub 15 SP4:chromedriver-112.0.5615.121-bp154.2.79.1 SUSE Package Hub 15 SP4:chromium-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromedriver-112.0.5615.121-bp154.2.79.1 openSUSE Leap 15.4:chromium-112.0.5615.121-bp154.2.79.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRCY3MMGSLE74IM7LN5E42APXAOQ5ZQG/ https://www.suse.com/security/cve/CVE-2023-2033.html CVE-2023-2033 https://bugzilla.suse.com/1210478 SUSE Bug 1210478