SUSE 5000 Published by

A chromium security update has been released for SUSE Linux Enterprise 15 SP4.



openSUSE-SU-2023:0068-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID: openSUSE-SU-2023:0068-1
Rating: important
References: #1209040
Cross-References: CVE-2023-1213 CVE-2023-1214 CVE-2023-1215
CVE-2023-1216 CVE-2023-1217 CVE-2023-1218
CVE-2023-1219 CVE-2023-1220 CVE-2023-1221
CVE-2023-1222 CVE-2023-1223 CVE-2023-1224
CVE-2023-1225 CVE-2023-1226 CVE-2023-1227
CVE-2023-1228 CVE-2023-1229 CVE-2023-1230
CVE-2023-1231 CVE-2023-1232 CVE-2023-1233
CVE-2023-1234 CVE-2023-1235 CVE-2023-1236

CVSS scores:
CVE-2023-1213 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1214 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1215 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1216 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1217 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2023-1218 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1219 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1220 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1221 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1222 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1223 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2023-1224 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1225 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1226 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-1227 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-1228 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1229 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1230 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1231 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1232 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2023-1233 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2023-1234 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-1235 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2023-1236 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________

An update that fixes 24 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 111.0.5563.64

* New View Transitions API
* CSS Color Level 4
* New developer tools in style panel for color functionality
* CSS added trigonometric functions, additional root font units and
extended the n-th child pseudo selector.
* previousslide and nextslide actions are now part of the Media Session API
* A number of security fixes (boo#1209040)
* CVE-2023-1213: Use after free in Swiftshader
* CVE-2023-1214: Type Confusion in V8
* CVE-2023-1215: Type Confusion in CSS
* CVE-2023-1216: Use after free in DevTools
* CVE-2023-1217: Stack buffer overflow in Crash reporting
* CVE-2023-1218: Use after free in WebRTC
* CVE-2023-1219: Heap buffer overflow in Metrics
* CVE-2023-1220: Heap buffer overflow in UMA
* CVE-2023-1221: Insufficient policy enforcement in Extensions API
* CVE-2023-1222: Heap buffer overflow in Web Audio API
* CVE-2023-1223: Insufficient policy enforcement in Autofill
* CVE-2023-1224: Insufficient policy enforcement in Web Payments API
* CVE-2023-1225: Insufficient policy enforcement in Navigation
* CVE-2023-1226: Insufficient policy enforcement in Web Payments API
* CVE-2023-1227: Use after free in Core
* CVE-2023-1228: Insufficient policy enforcement in Intents
* CVE-2023-1229: Inappropriate implementation in Permission prompts
* CVE-2023-1230: Inappropriate implementation in WebApp Installs
* CVE-2023-1231: Inappropriate implementation in Autofill
* CVE-2023-1232: Insufficient policy enforcement in Resource Timing
* CVE-2023-1233: Insufficient policy enforcement in Resource Timing
* CVE-2023-1234: Inappropriate implementation in Intents
* CVE-2023-1235: Type Confusion in DevTools
* CVE-2023-1236: Inappropriate implementation in Internals

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-68=1


Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):

chromedriver-111.0.5563.64-bp154.2.73.1
chromium-111.0.5563.64-bp154.2.73.1

References:

  https://www.suse.com/security/cve/CVE-2023-1213.html
  https://www.suse.com/security/cve/CVE-2023-1214.html
  https://www.suse.com/security/cve/CVE-2023-1215.html
  https://www.suse.com/security/cve/CVE-2023-1216.html
  https://www.suse.com/security/cve/CVE-2023-1217.html
  https://www.suse.com/security/cve/CVE-2023-1218.html
  https://www.suse.com/security/cve/CVE-2023-1219.html
  https://www.suse.com/security/cve/CVE-2023-1220.html
  https://www.suse.com/security/cve/CVE-2023-1221.html
  https://www.suse.com/security/cve/CVE-2023-1222.html
  https://www.suse.com/security/cve/CVE-2023-1223.html
  https://www.suse.com/security/cve/CVE-2023-1224.html
  https://www.suse.com/security/cve/CVE-2023-1225.html
  https://www.suse.com/security/cve/CVE-2023-1226.html
  https://www.suse.com/security/cve/CVE-2023-1227.html
  https://www.suse.com/security/cve/CVE-2023-1228.html
  https://www.suse.com/security/cve/CVE-2023-1229.html
  https://www.suse.com/security/cve/CVE-2023-1230.html
  https://www.suse.com/security/cve/CVE-2023-1231.html
  https://www.suse.com/security/cve/CVE-2023-1232.html
  https://www.suse.com/security/cve/CVE-2023-1233.html
  https://www.suse.com/security/cve/CVE-2023-1234.html
  https://www.suse.com/security/cve/CVE-2023-1235.html
  https://www.suse.com/security/cve/CVE-2023-1236.html
  https://bugzilla.suse.com/1209040