Lucene search

GoogleOSV:OPENSUSE-SU-2024:0155-1

HistoryJun 10, 2024 - 7:34 a.m.

Security update for chromium

2024-06-1007:34:08

Google

osv.dev

chromium

update

fixes

webrtc

dawn

media session

keyboard inputs

presentation api

streams api

security

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

JSON

This update for chromium fixes the following issues:

Chromium 125.0.6422.141 (boo#1225690)

CVE-2024-5493: Heap buffer overflow in WebRTC
CVE-2024-5494: Use after free in Dawn
CVE-2024-5495: Use after free in Dawn
CVE-2024-5496: Use after free in Media Session
CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
CVE-2024-5498: Use after free in Presentation API
CVE-2024-5499: Out of bounds write in Streams API

References

bugzilla.suse.com/1225690

lists.opensuse.org/archives/list/[email protected]/thread/HBOKUIMO47RBZX3ETJFLLOQ75WGAFHHU/

www.suse.com/security/cve/CVE-2024-5493

www.suse.com/security/cve/CVE-2024-5494

www.suse.com/security/cve/CVE-2024-5495

www.suse.com/security/cve/CVE-2024-5496

www.suse.com/security/cve/CVE-2024-5497

www.suse.com/security/cve/CVE-2024-5498

www.suse.com/security/cve/CVE-2024-5499

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

JSON

Related for OSV:OPENSUSE-SU-2024:0155-1