osv | Google | OSV:OPENSUSE-SU-2024:0258-2
Aug 23, 2024 - 9:15 a.m.

Security update for chromium

2024-08-23 09:15:52 | Google | osv.dev

CVSS3: 8.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.2 (Confidence: High)

EPSS: 0.191 (Percentile: 96.4%)

This update for chromium fixes the following issues:

  • Chromium 128.0.6613.84 (boo#1229591)
    • CVE-2024-7964: Use after free in Passwords
    • CVE-2024-7965: Inappropriate implementation in V8
    • CVE-2024-7966: Out of bounds memory access in Skia
    • CVE-2024-7967: Heap buffer overflow in Fonts
    • CVE-2024-7968: Use after free in Autofill
    • CVE-2024-7969: Type Confusion in V8
    • CVE-2024-7971: Type confusion in V8
    • CVE-2024-7972: Inappropriate implementation in V8
    • CVE-2024-7973: Heap buffer overflow in PDFium
    • CVE-2024-7974: Insufficient data validation in V8 API
    • CVE-2024-7975: Inappropriate implementation in Permissions
    • CVE-2024-7976: Inappropriate implementation in FedCM
    • CVE-2024-7977: Insufficient data validation in Installer
    • CVE-2024-7978: Insufficient policy enforcement in Data Transfer
    • CVE-2024-7979: Insufficient data validation in Installer
    • CVE-2024-7980: Insufficient data validation in Installer
    • CVE-2024-7981: Inappropriate implementation in Views
    • CVE-2024-8033: Inappropriate implementation in WebApp Installs
    • CVE-2024-8034: Inappropriate implementation in Custom Tabs
    • CVE-2024-8035: Inappropriate implementation in Extensions
    • Various fixes from internal audits, fuzzing and other initiatives
