Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-3832 (GCVE-0-2024-3832)
Vulnerability from cvelistv5
Published
2024-04-17 07:46
Modified
2025-03-14 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Object corruption
Summary
Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:56.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://issues.chromium.org/issues/331358160"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chrome",
"vendor": "google",
"versions": [
{
"lessThan": "124.0.6367.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "38"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "39"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "40"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T20:00:59.445196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T00:40:39.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "124.0.6367.60",
"status": "affected",
"version": "124.0.6367.60",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Object corruption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-23T18:06:08.960Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"url": "https://issues.chromium.org/issues/331358160"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-3832",
"datePublished": "2024-04-17T07:46:09.987Z",
"dateReserved": "2024-04-15T17:25:25.106Z",
"dateUpdated": "2025-03-14T00:40:39.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-3832\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2024-04-17T08:15:10.190\",\"lastModified\":\"2025-03-14T01:15:40.037\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)\"},{\"lang\":\"es\",\"value\":\"La corrupci\u00f3n de objetos en V8 en Google Chrome anterior a 124.0.6367.60 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de objetos a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"124.0.6367.60\",\"matchCriteriaId\":\"AFB90495-B48B-4020-A2CC-51D77CABEB72\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://issues.chromium.org/issues/331358160\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://issues.chromium.org/issues/331358160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://issues.chromium.org/issues/331358160\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:26:56.070Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3832\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-14T20:00:59.445196Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\"], \"vendor\": \"google\", \"product\": \"chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"124.0.6367.60\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\"], \"vendor\": \"fedoraproject\", \"product\": \"fedora\", \"versions\": [{\"status\": \"affected\", \"version\": \"38\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\"], \"vendor\": \"fedoraproject\", \"product\": \"fedora\", \"versions\": [{\"status\": \"affected\", \"version\": \"39\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\"], \"vendor\": \"fedoraproject\", \"product\": \"fedora\", \"versions\": [{\"status\": \"affected\", \"version\": \"40\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-14T20:02:46.272Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"124.0.6367.60\", \"lessThan\": \"124.0.6367.60\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\"}, {\"url\": \"https://issues.chromium.org/issues/331358160\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Object corruption\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2024-04-23T18:06:08.960Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-3832\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-14T00:40:39.992Z\", \"dateReserved\": \"2024-04-15T17:25:25.106Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2024-04-17T07:46:09.987Z\", \"assignerShortName\": \"Chrome\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
ghsa-qqpr-fvmc-87j3
Vulnerability from github
Published
2024-04-17 09:30
Modified
2024-08-14 21:33
Severity ?
VLAI Severity ?
Details
Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-3832"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T08:15:10Z",
"severity": "HIGH"
},
"details": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-qqpr-fvmc-87j3",
"modified": "2024-08-14T21:33:11Z",
"published": "2024-04-17T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3832"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/331358160"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
wid-sec-w-2024-0912
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-12-08 23:00
Summary
Google Chrome: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Chrome ist ein Internet-Browser von Google.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0912 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0912.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0912 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0912"
},
{
"category": "external",
"summary": "Google Chrome Stable Channel Update for Desktop vom 2024-04-16",
"url": "http://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-12EDB9DEC8 vom 2024-04-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-12edb9dec8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-5D8F4F86B0 vom 2024-04-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5d8f4f86b0"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5668 vom 2024-04-20",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00077.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-2BF39E0BA4 vom 2024-04-21",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-2bf39e0ba4"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-8B50CA2E22 vom 2024-04-23",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-8b50ca2e22"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-DE34D9D61F vom 2024-04-25",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-de34d9d61f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-DECB7E94A1 vom 2024-04-25",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-decb7e94a1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-0C24DA3136 vom 2024-04-25",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0c24da3136"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-2C9BE9D949 vom 2024-04-25",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-2c9be9d949"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-0539D2C8B0 vom 2024-04-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-0539d2c8b0"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-68B6D0DAFE vom 2024-04-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-68b6d0dafe"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-5CF9499B62 vom 2024-05-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5cf9499b62"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-808F3961EF vom 2024-05-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-808f3961ef"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-F74FBCE604 vom 2024-05-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f74fbce604"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-6F1C3198F5 vom 2024-05-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6f1c3198f5"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0123-1 vom 2024-05-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2S7S4HVABEMIRHPQD4H3O6EA36PLCUCI/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0123-1 vom 2024-05-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2S7S4HVABEMIRHPQD4H3O6EA36PLCUCI/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0128-1 vom 2024-05-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QVLMJIQMVDQI2D33EDKB65KEXN6OMIRX/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0128-1 vom 2024-05-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVLMJIQMVDQI2D33EDKB65KEXN6OMIRX/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-38D250BAFC vom 2024-05-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-38d250bafc"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-3184C14A07 vom 2024-05-23",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-3184c14a07"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0156-1 vom 2024-06-10",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PYKI7FIDICKYHO5TLIGQUUCUF2ATFWPR/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0156-1 vom 2024-06-10",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PYKI7FIDICKYHO5TLIGQUUCUF2ATFWPR/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-E60359F212 vom 2024-09-25",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-e60359f212"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-AAFF7345B8 vom 2024-09-25",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-aaff7345b8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-89511748AF vom 2024-09-25",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-89511748af"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-5EC6A4BB83 vom 2024-09-25",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5ec6a4bb83"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-05 vom 2024-12-07",
"url": "https://security.gentoo.org/glsa/202412-05"
}
],
"source_lang": "en-US",
"title": "Google Chrome: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2024-12-08T23:00:00.000+00:00",
"generator": {
"date": "2024-12-09T09:20:41.940+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0912",
"initial_release_date": "2024-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "2",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian und Fedora aufgenommen"
},
{
"date": "2024-04-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-24T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Fedora und openSUSE aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-05-23T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-09-23T22:00:00.000+00:00",
"number": "14",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "16"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c124.0.6367.60",
"product": {
"name": "Google Chrome \u003c124.0.6367.60",
"product_id": "T034263"
}
},
{
"category": "product_version",
"name": "124.0.6367.60",
"product": {
"name": "Google Chrome 124.0.6367.60",
"product_id": "T034263-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:124.0.6367.60"
}
}
},
{
"category": "product_version_range",
"name": "\u003c124.0.6367.61",
"product": {
"name": "Google Chrome \u003c124.0.6367.61",
"product_id": "T034264"
}
},
{
"category": "product_version",
"name": "124.0.6367.61",
"product": {
"name": "Google Chrome 124.0.6367.61",
"product_id": "T034264-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:124.0.6367.61"
}
}
}
],
"category": "product_name",
"name": "Chrome"
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3832",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3832"
},
{
"cve": "CVE-2024-3833",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3833"
},
{
"cve": "CVE-2024-3834",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3834"
},
{
"cve": "CVE-2024-3837",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3837"
},
{
"cve": "CVE-2024-3838",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3838"
},
{
"cve": "CVE-2024-3839",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3839"
},
{
"cve": "CVE-2024-3840",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3840"
},
{
"cve": "CVE-2024-3841",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3841"
},
{
"cve": "CVE-2024-3843",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3843"
},
{
"cve": "CVE-2024-3844",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3844"
},
{
"cve": "CVE-2024-3845",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3845"
},
{
"cve": "CVE-2024-3846",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3846"
},
{
"cve": "CVE-2024-3847",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3847"
},
{
"cve": "CVE-2024-3914",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-3914"
},
{
"cve": "CVE-2024-7019",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-7019"
},
{
"cve": "CVE-2024-7020",
"notes": [
{
"category": "description",
"text": "In Google Chrome bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten wie V8, WebAssembly und Downloads, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Objektbesch\u00e4digung, Use-after-free, unzureichender Datenvalidierung und unangemessener Implementierung, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"2951",
"T027843",
"T034264",
"T034263",
"T012167",
"74185"
]
},
"release_date": "2024-04-16T22:00:00.000+00:00",
"title": "CVE-2024-7020"
}
]
}
wid-sec-w-2024-0928
Vulnerability from csaf_certbund
Published
2024-04-18 22:00
Modified
2024-04-18 22:00
Summary
Microsoft Edge: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Edge ist ein Web Browser von Microsoft.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Android
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Edge ist ein Web Browser von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Android\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0928 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0928.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0928 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0928"
},
{
"category": "external",
"summary": "Release notes for Microsoft Edge Security Updates vom 2024-04-18",
"url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#april-18-2024"
}
],
"source_lang": "en-US",
"title": "Microsoft Edge: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-04-18T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:07:59.747+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0928",
"initial_release_date": "2024-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c124.0.2478.51",
"product": {
"name": "Microsoft Edge \u003c124.0.2478.51",
"product_id": "T034315"
}
}
],
"category": "product_name",
"name": "Edge"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29986",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-29986"
},
{
"cve": "CVE-2024-29987",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-29987"
},
{
"cve": "CVE-2024-29991",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-29991"
},
{
"cve": "CVE-2024-3832",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3832"
},
{
"cve": "CVE-2024-3833",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3833"
},
{
"cve": "CVE-2024-3834",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3834"
},
{
"cve": "CVE-2024-3837",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3837"
},
{
"cve": "CVE-2024-3838",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3838"
},
{
"cve": "CVE-2024-3839",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3839"
},
{
"cve": "CVE-2024-3840",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3840"
},
{
"cve": "CVE-2024-3841",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3841"
},
{
"cve": "CVE-2024-3843",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3843"
},
{
"cve": "CVE-2024-3844",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3844"
},
{
"cve": "CVE-2024-3845",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3845"
},
{
"cve": "CVE-2024-3846",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3846"
},
{
"cve": "CVE-2024-3847",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen oder einen nicht spezifizierten Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2024-04-18T22:00:00.000+00:00",
"title": "CVE-2024-3847"
}
]
}
gsd-2024-3832
Vulnerability from gsd
Modified
2024-04-16 05:01
Details
Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-3832"
],
"details": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GSD-2024-3832",
"modified": "2024-04-16T05:01:59.619891Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2024-3832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "124.0.6367.60",
"version_value": "124.0.6367.60"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Object corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"name": "https://issues.chromium.org/issues/331358160",
"refsource": "MISC",
"url": "https://issues.chromium.org/issues/331358160"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "La corrupci\u00f3n de objetos en V8 en Google Chrome anterior a 124.0.6367.60 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de objetos a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"id": "CVE-2024-3832",
"lastModified": "2024-04-23T18:15:15.187",
"metrics": {},
"published": "2024-04-17T08:15:10.190",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://issues.chromium.org/issues/331358160"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
opensuse-su-2024:13953-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
chromedriver-124.0.6367.201-1.1 on GA media
Notes
Title of the patch
chromedriver-124.0.6367.201-1.1 on GA media
Description of the patch
These are all security issues fixed in the chromedriver-124.0.6367.201-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13953
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "chromedriver-124.0.6367.201-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the chromedriver-124.0.6367.201-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13953",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13953-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2625 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2626 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2627 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2627/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2628 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2885 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2886 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2887 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3156 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3157 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3158 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3159 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3515 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3516 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3832 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3833 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3838 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3839 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3843 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3844 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3845 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3847 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4331 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4368 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4558 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4671 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4671/"
}
],
"title": "chromedriver-124.0.6367.201-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13953-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-124.0.6367.201-1.1.aarch64",
"product": {
"name": "chromedriver-124.0.6367.201-1.1.aarch64",
"product_id": "chromedriver-124.0.6367.201-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-124.0.6367.201-1.1.aarch64",
"product": {
"name": "chromium-124.0.6367.201-1.1.aarch64",
"product_id": "chromium-124.0.6367.201-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-124.0.6367.201-1.1.ppc64le",
"product": {
"name": "chromedriver-124.0.6367.201-1.1.ppc64le",
"product_id": "chromedriver-124.0.6367.201-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chromium-124.0.6367.201-1.1.ppc64le",
"product": {
"name": "chromium-124.0.6367.201-1.1.ppc64le",
"product_id": "chromium-124.0.6367.201-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-124.0.6367.201-1.1.s390x",
"product": {
"name": "chromedriver-124.0.6367.201-1.1.s390x",
"product_id": "chromedriver-124.0.6367.201-1.1.s390x"
}
},
{
"category": "product_version",
"name": "chromium-124.0.6367.201-1.1.s390x",
"product": {
"name": "chromium-124.0.6367.201-1.1.s390x",
"product_id": "chromium-124.0.6367.201-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-124.0.6367.201-1.1.x86_64",
"product": {
"name": "chromedriver-124.0.6367.201-1.1.x86_64",
"product_id": "chromedriver-124.0.6367.201-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-124.0.6367.201-1.1.x86_64",
"product": {
"name": "chromium-124.0.6367.201-1.1.x86_64",
"product_id": "chromium-124.0.6367.201-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-124.0.6367.201-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64"
},
"product_reference": "chromedriver-124.0.6367.201-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-124.0.6367.201-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le"
},
"product_reference": "chromedriver-124.0.6367.201-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-124.0.6367.201-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x"
},
"product_reference": "chromedriver-124.0.6367.201-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-124.0.6367.201-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64"
},
"product_reference": "chromedriver-124.0.6367.201-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-124.0.6367.201-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64"
},
"product_reference": "chromium-124.0.6367.201-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-124.0.6367.201-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le"
},
"product_reference": "chromium-124.0.6367.201-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-124.0.6367.201-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x"
},
"product_reference": "chromium-124.0.6367.201-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-124.0.6367.201-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
},
"product_reference": "chromium-124.0.6367.201-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2625"
}
],
"notes": [
{
"category": "general",
"text": "Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2625",
"url": "https://www.suse.com/security/cve/CVE-2024-2625"
},
{
"category": "external",
"summary": "SUSE Bug 1221732 for CVE-2024-2625",
"url": "https://bugzilla.suse.com/1221732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2625"
},
{
"cve": "CVE-2024-2626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2626"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2626",
"url": "https://www.suse.com/security/cve/CVE-2024-2626"
},
{
"category": "external",
"summary": "SUSE Bug 1221732 for CVE-2024-2626",
"url": "https://bugzilla.suse.com/1221732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2626"
},
{
"cve": "CVE-2024-2627",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2627"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2627",
"url": "https://www.suse.com/security/cve/CVE-2024-2627"
},
{
"category": "external",
"summary": "SUSE Bug 1221732 for CVE-2024-2627",
"url": "https://bugzilla.suse.com/1221732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2627"
},
{
"cve": "CVE-2024-2628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2628"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2628",
"url": "https://www.suse.com/security/cve/CVE-2024-2628"
},
{
"category": "external",
"summary": "SUSE Bug 1221732 for CVE-2024-2628",
"url": "https://bugzilla.suse.com/1221732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2628"
},
{
"cve": "CVE-2024-2883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2883"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2883",
"url": "https://www.suse.com/security/cve/CVE-2024-2883"
},
{
"category": "external",
"summary": "SUSE Bug 1222035 for CVE-2024-2883",
"url": "https://bugzilla.suse.com/1222035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2883"
},
{
"cve": "CVE-2024-2885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2885"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2885",
"url": "https://www.suse.com/security/cve/CVE-2024-2885"
},
{
"category": "external",
"summary": "SUSE Bug 1222035 for CVE-2024-2885",
"url": "https://bugzilla.suse.com/1222035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2885"
},
{
"cve": "CVE-2024-2886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2886"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2886",
"url": "https://www.suse.com/security/cve/CVE-2024-2886"
},
{
"category": "external",
"summary": "SUSE Bug 1222035 for CVE-2024-2886",
"url": "https://bugzilla.suse.com/1222035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2886"
},
{
"cve": "CVE-2024-2887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2887"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2887",
"url": "https://www.suse.com/security/cve/CVE-2024-2887"
},
{
"category": "external",
"summary": "SUSE Bug 1222035 for CVE-2024-2887",
"url": "https://bugzilla.suse.com/1222035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2887"
},
{
"cve": "CVE-2024-3156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3156"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3156",
"url": "https://www.suse.com/security/cve/CVE-2024-3156"
},
{
"category": "external",
"summary": "SUSE Bug 1222260 for CVE-2024-3156",
"url": "https://bugzilla.suse.com/1222260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-3156"
},
{
"cve": "CVE-2024-3157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3157"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3157",
"url": "https://www.suse.com/security/cve/CVE-2024-3157"
},
{
"category": "external",
"summary": "SUSE Bug 1222707 for CVE-2024-3157",
"url": "https://bugzilla.suse.com/1222707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3157"
},
{
"cve": "CVE-2024-3158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3158"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3158",
"url": "https://www.suse.com/security/cve/CVE-2024-3158"
},
{
"category": "external",
"summary": "SUSE Bug 1222260 for CVE-2024-3158",
"url": "https://bugzilla.suse.com/1222260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-3158"
},
{
"cve": "CVE-2024-3159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3159"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3159",
"url": "https://www.suse.com/security/cve/CVE-2024-3159"
},
{
"category": "external",
"summary": "SUSE Bug 1222260 for CVE-2024-3159",
"url": "https://bugzilla.suse.com/1222260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-3159"
},
{
"cve": "CVE-2024-3515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3515"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3515",
"url": "https://www.suse.com/security/cve/CVE-2024-3515"
},
{
"category": "external",
"summary": "SUSE Bug 1222707 for CVE-2024-3515",
"url": "https://bugzilla.suse.com/1222707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3515"
},
{
"cve": "CVE-2024-3516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3516"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3516",
"url": "https://www.suse.com/security/cve/CVE-2024-3516"
},
{
"category": "external",
"summary": "SUSE Bug 1222707 for CVE-2024-3516",
"url": "https://bugzilla.suse.com/1222707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3516"
},
{
"cve": "CVE-2024-3832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3832"
}
],
"notes": [
{
"category": "general",
"text": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3832",
"url": "https://www.suse.com/security/cve/CVE-2024-3832"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3832",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3832"
},
{
"cve": "CVE-2024-3833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3833"
}
],
"notes": [
{
"category": "general",
"text": "Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3833",
"url": "https://www.suse.com/security/cve/CVE-2024-3833"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3833",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3833"
},
{
"cve": "CVE-2024-3834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3834"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3834",
"url": "https://www.suse.com/security/cve/CVE-2024-3834"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3834",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3834"
},
{
"cve": "CVE-2024-3837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3837"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3837",
"url": "https://www.suse.com/security/cve/CVE-2024-3837"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3837",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3837"
},
{
"cve": "CVE-2024-3838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3838"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3838",
"url": "https://www.suse.com/security/cve/CVE-2024-3838"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3838",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3838"
},
{
"cve": "CVE-2024-3839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3839"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3839",
"url": "https://www.suse.com/security/cve/CVE-2024-3839"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3839",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3839"
},
{
"cve": "CVE-2024-3840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3840"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3840",
"url": "https://www.suse.com/security/cve/CVE-2024-3840"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3840",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3840"
},
{
"cve": "CVE-2024-3841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3841"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3841",
"url": "https://www.suse.com/security/cve/CVE-2024-3841"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3841",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3841"
},
{
"cve": "CVE-2024-3843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3843"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3843",
"url": "https://www.suse.com/security/cve/CVE-2024-3843"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3843",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3843"
},
{
"cve": "CVE-2024-3844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3844"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3844",
"url": "https://www.suse.com/security/cve/CVE-2024-3844"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3844",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3844"
},
{
"cve": "CVE-2024-3845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3845"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3845",
"url": "https://www.suse.com/security/cve/CVE-2024-3845"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3845",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3845"
},
{
"cve": "CVE-2024-3846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3846"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3846",
"url": "https://www.suse.com/security/cve/CVE-2024-3846"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3846",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3846"
},
{
"cve": "CVE-2024-3847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3847"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3847",
"url": "https://www.suse.com/security/cve/CVE-2024-3847"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3847",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3847"
},
{
"cve": "CVE-2024-4058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4058"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4058",
"url": "https://www.suse.com/security/cve/CVE-2024-4058"
},
{
"category": "external",
"summary": "SUSE Bug 1223845 for CVE-2024-4058",
"url": "https://bugzilla.suse.com/1223845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4058"
},
{
"cve": "CVE-2024-4059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4059"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4059",
"url": "https://www.suse.com/security/cve/CVE-2024-4059"
},
{
"category": "external",
"summary": "SUSE Bug 1223845 for CVE-2024-4059",
"url": "https://bugzilla.suse.com/1223845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4059"
},
{
"cve": "CVE-2024-4060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4060"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4060",
"url": "https://www.suse.com/security/cve/CVE-2024-4060"
},
{
"category": "external",
"summary": "SUSE Bug 1223845 for CVE-2024-4060",
"url": "https://bugzilla.suse.com/1223845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4060"
},
{
"cve": "CVE-2024-4331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4331"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4331",
"url": "https://www.suse.com/security/cve/CVE-2024-4331"
},
{
"category": "external",
"summary": "SUSE Bug 1223846 for CVE-2024-4331",
"url": "https://bugzilla.suse.com/1223846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4331"
},
{
"cve": "CVE-2024-4368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4368"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4368",
"url": "https://www.suse.com/security/cve/CVE-2024-4368"
},
{
"category": "external",
"summary": "SUSE Bug 1223846 for CVE-2024-4368",
"url": "https://bugzilla.suse.com/1223846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4368"
},
{
"cve": "CVE-2024-4558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4558"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4558",
"url": "https://www.suse.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "SUSE Bug 1224045 for CVE-2024-4558",
"url": "https://bugzilla.suse.com/1224045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-4558"
},
{
"cve": "CVE-2024-4559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4559"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4559",
"url": "https://www.suse.com/security/cve/CVE-2024-4559"
},
{
"category": "external",
"summary": "SUSE Bug 1224045 for CVE-2024-4559",
"url": "https://bugzilla.suse.com/1224045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-4559"
},
{
"cve": "CVE-2024-4671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4671"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4671",
"url": "https://www.suse.com/security/cve/CVE-2024-4671"
},
{
"category": "external",
"summary": "SUSE Bug 1224208 for CVE-2024-4671",
"url": "https://bugzilla.suse.com/1224208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-4671"
}
]
}
opensuse-su-2024:0156-1
Vulnerability from csaf_opensuse
Published
2024-06-10 07:54
Modified
2024-06-10 07:54
Summary
Security update for opera
Notes
Title of the patch
Security update for opera
Description of the patch
This update for opera fixes the following issues:
Update to 110.0.5130.64
* CHR-9748 Update Chromium on desktop-stable-124-5130
to 124.0.6367.243
* DNA-116317 Create outline or shadow around emojis on tab strip
* DNA-116320 Create animation for emoji disappearing from
tab strip
* DNA-116564 Assign custom emoji from emoji picker
* DNA-116690 Make chrome://emoji-picker attachable by webdriver
* DNA-116732 Introduce stat event for setting / unsetting emoji
on a tab
* DNA-116753 Emoji picker does not follow browser theme
* DNA-116755 Record tab emojis added / removed
* DNA-116777 Enable #tab-art on all streams
Update to 110.0.5130.49
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-116706 [gpu-crash] Crash at SkGpuShaderImageFilter::
onFilterImage(skif::Context const&)
Update to 110.0.5130.39
* DNA-115603 [Rich Hints] Pass trigger source to the Rich Hint
* DNA-116680 Import 0-day fix for CVE-2024-5274
Update to 110.0.5130.35
* CHR-9721 Update Chromium on desktop-stable-124-5130 to
124.0.6367.202
* DNA-114787 Crash at views::View::DoRemoveChildView(views::
View*, bool, bool, views::View*)
* DNA-115640 Tab island is not properly displayed after
drag&drop in light theme
* DNA-116191 Fix link in RTV Euro CoS
* DNA-116218 Crash at SkGpuShaderImageFilter::onFilterImage
(skif::Context const&)
* DNA-116241 Update affiliation link for media expert
'Continue On'
* DNA-116256 Crash at TabHoverCardController::UpdateHoverCard
(opera::TabDataView*, TabHoverCardController::UpdateType,
bool)
* DNA-116270 Show 'Suggestions' inside expanding Speed Dial
field
* DNA-116474 Implement the no dynamic hover approach
* DNA-116493 Make sure that additional elements like
(Sync your browser) etc. doesn’t shift content down on page
* DNA-116515 Import 0-day fix from Chromium '[wasm-gc] Only
normalize JSObject targets in SetOrCopyDataProperties'
* DNA-116543 Twitter migrate to x.com
* DNA-116552 Change max width of the banner
* DNA-116569 Twitter in Panel loading for the first time opens
two Tabs automatically
* DNA-116587 Translate settings strings for every language
The update to chromium 124.0.6367.202 fixes following issues:
CVE-2024-4671
Update to 110.0.5130.23
* CHR-9706 Update Chromium on desktop-stable-124-5130 to
124.0.6367.62
* DNA-116450 Promote 110 to stable
- Complete Opera 110 changelog at:
https://blogs.opera.com/desktop/changelog-for-110/
- The update to chromium 124.0.6367.62 fixes following issues:
CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3834,
CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840,
CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845,
CVE-2024-3846, CVE-2024-3847
- Update to 109.0.5097.80
* DNA-115738 Crash at extensions::ExtensionRegistry::
GetExtensionById(std::__Cr::basic_string const&, int)
* DNA-115797 [Flow] Never ending loading while connecting to flow
* DNA-116315 Chat GPT in Sidebar Panel doesn’t work
- Update to 109.0.5097.59
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-115810 Enable #drag-multiple-tabs on all streams
Patchnames
openSUSE-2024-156
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\nUpdate to 110.0.5130.64\n\n * CHR-9748 Update Chromium on desktop-stable-124-5130\n to 124.0.6367.243\n * DNA-116317 Create outline or shadow around emojis on tab strip\n * DNA-116320 Create animation for emoji disappearing from\n tab strip\n * DNA-116564 Assign custom emoji from emoji picker\n * DNA-116690 Make chrome://emoji-picker attachable by webdriver\n * DNA-116732 Introduce stat event for setting / unsetting emoji\n on a tab\n * DNA-116753 Emoji picker does not follow browser theme\n * DNA-116755 Record tab emojis added / removed\n * DNA-116777 Enable #tab-art on all streams\n\nUpdate to 110.0.5130.49\n\n * CHR-9416 Updating Chromium on desktop-stable-* branches\n * DNA-116706 [gpu-crash] Crash at SkGpuShaderImageFilter::\n onFilterImage(skif::Context const\u0026)\n\nUpdate to 110.0.5130.39\n\n * DNA-115603 [Rich Hints] Pass trigger source to the Rich Hint\n * DNA-116680 Import 0-day fix for CVE-2024-5274\n\nUpdate to 110.0.5130.35\n\n * CHR-9721 Update Chromium on desktop-stable-124-5130 to\n 124.0.6367.202\n * DNA-114787 Crash at views::View::DoRemoveChildView(views::\n View*, bool, bool, views::View*)\n * DNA-115640 Tab island is not properly displayed after\n drag\u0026drop in light theme\n * DNA-116191 Fix link in RTV Euro CoS\n * DNA-116218 Crash at SkGpuShaderImageFilter::onFilterImage\n (skif::Context const\u0026)\n * DNA-116241 Update affiliation link for media expert\n \u0027Continue On\u0027\n * DNA-116256 Crash at TabHoverCardController::UpdateHoverCard\n (opera::TabDataView*, TabHoverCardController::UpdateType,\n bool)\n * DNA-116270 Show \u0027Suggestions\u0027 inside expanding Speed Dial\n field\n * DNA-116474 Implement the no dynamic hover approach\n * DNA-116493 Make sure that additional elements like\n (Sync your browser) etc. doesn\u2019t shift content down on page\n * DNA-116515 Import 0-day fix from Chromium \u0027[wasm-gc] Only\n normalize JSObject targets in SetOrCopyDataProperties\u0027\n * DNA-116543 Twitter migrate to x.com\n * DNA-116552 Change max width of the banner\n * DNA-116569 Twitter in Panel loading for the first time opens\n two Tabs automatically\n * DNA-116587 Translate settings strings for every language\n\nThe update to chromium 124.0.6367.202 fixes following issues: \n CVE-2024-4671\n\nUpdate to 110.0.5130.23\n\n * CHR-9706 Update Chromium on desktop-stable-124-5130 to\n 124.0.6367.62\n * DNA-116450 Promote 110 to stable\n\n- Complete Opera 110 changelog at:\n https://blogs.opera.com/desktop/changelog-for-110/\n\n- The update to chromium 124.0.6367.62 fixes following issues: \n CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3834,\n CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840,\n CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845,\n CVE-2024-3846, CVE-2024-3847\n\n- Update to 109.0.5097.80\n\n * DNA-115738 Crash at extensions::ExtensionRegistry::\n GetExtensionById(std::__Cr::basic_string const\u0026, int)\n * DNA-115797 [Flow] Never ending loading while connecting to flow\n * DNA-116315 Chat GPT in Sidebar Panel doesn\u2019t work\n\n- Update to 109.0.5097.59\n\n * CHR-9416 Updating Chromium on desktop-stable-* branches\n * DNA-115810 Enable #drag-multiple-tabs on all streams\n \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-156",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0156-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0156-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PYKI7FIDICKYHO5TLIGQUUCUF2ATFWPR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0156-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PYKI7FIDICKYHO5TLIGQUUCUF2ATFWPR/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3832 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3833 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3838 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3839 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3843 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3844 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3845 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3847 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3914 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4671 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5274 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5274/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2024-06-10T07:54:32Z",
"generator": {
"date": "2024-06-10T07:54:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0156-1",
"initial_release_date": "2024-06-10T07:54:32Z",
"revision_history": [
{
"date": "2024-06-10T07:54:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-110.0.5130.64-lp156.2.6.1.x86_64",
"product": {
"name": "opera-110.0.5130.64-lp156.2.6.1.x86_64",
"product_id": "opera-110.0.5130.64-lp156.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.6 NonFree",
"product": {
"name": "openSUSE Leap 15.6 NonFree",
"product_id": "openSUSE Leap 15.6 NonFree"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-110.0.5130.64-lp156.2.6.1.x86_64 as component of openSUSE Leap 15.6 NonFree",
"product_id": "openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
},
"product_reference": "opera-110.0.5130.64-lp156.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3832"
}
],
"notes": [
{
"category": "general",
"text": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3832",
"url": "https://www.suse.com/security/cve/CVE-2024-3832"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3832",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3832"
},
{
"cve": "CVE-2024-3833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3833"
}
],
"notes": [
{
"category": "general",
"text": "Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3833",
"url": "https://www.suse.com/security/cve/CVE-2024-3833"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3833",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3833"
},
{
"cve": "CVE-2024-3834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3834"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3834",
"url": "https://www.suse.com/security/cve/CVE-2024-3834"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3834",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3834"
},
{
"cve": "CVE-2024-3837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3837"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3837",
"url": "https://www.suse.com/security/cve/CVE-2024-3837"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3837",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3837"
},
{
"cve": "CVE-2024-3838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3838"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3838",
"url": "https://www.suse.com/security/cve/CVE-2024-3838"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3838",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3838"
},
{
"cve": "CVE-2024-3839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3839"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3839",
"url": "https://www.suse.com/security/cve/CVE-2024-3839"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3839",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3839"
},
{
"cve": "CVE-2024-3840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3840"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3840",
"url": "https://www.suse.com/security/cve/CVE-2024-3840"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3840",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3840"
},
{
"cve": "CVE-2024-3841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3841"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3841",
"url": "https://www.suse.com/security/cve/CVE-2024-3841"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3841",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3841"
},
{
"cve": "CVE-2024-3843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3843"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3843",
"url": "https://www.suse.com/security/cve/CVE-2024-3843"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3843",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3843"
},
{
"cve": "CVE-2024-3844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3844"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3844",
"url": "https://www.suse.com/security/cve/CVE-2024-3844"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3844",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3844"
},
{
"cve": "CVE-2024-3845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3845"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3845",
"url": "https://www.suse.com/security/cve/CVE-2024-3845"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3845",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3845"
},
{
"cve": "CVE-2024-3846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3846"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3846",
"url": "https://www.suse.com/security/cve/CVE-2024-3846"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3846",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3846"
},
{
"cve": "CVE-2024-3847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3847"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3847",
"url": "https://www.suse.com/security/cve/CVE-2024-3847"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3847",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3847"
},
{
"cve": "CVE-2024-3914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3914"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3914",
"url": "https://www.suse.com/security/cve/CVE-2024-3914"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3914",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-3914"
},
{
"cve": "CVE-2024-4671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4671"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4671",
"url": "https://www.suse.com/security/cve/CVE-2024-4671"
},
{
"category": "external",
"summary": "SUSE Bug 1224208 for CVE-2024-4671",
"url": "https://bugzilla.suse.com/1224208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-4671"
},
{
"cve": "CVE-2024-5274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5274"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5274",
"url": "https://www.suse.com/security/cve/CVE-2024-5274"
},
{
"category": "external",
"summary": "SUSE Bug 1225199 for CVE-2024-5274",
"url": "https://bugzilla.suse.com/1225199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6 NonFree:opera-110.0.5130.64-lp156.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-10T07:54:32Z",
"details": "critical"
}
],
"title": "CVE-2024-5274"
}
]
}
opensuse-su-2024:0128-1
Vulnerability from csaf_opensuse
Published
2024-05-16 11:13
Modified
2024-05-16 11:13
Summary
Security update for opera
Notes
Title of the patch
Security update for opera
Description of the patch
This update for opera fixes the following issues:
- Update to 110.0.5130.23
* CHR-9706 Update Chromium on desktop-stable-124-5130 to
124.0.6367.62
* DNA-116450 Promote 110 to stable
- Complete Opera 110 changelog at:
https://blogs.opera.com/desktop/changelog-for-110/
- The update to chromium 124.0.6367.62 fixes following issues:
CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3834,
CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840,
CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845,
CVE-2024-3846, CVE-2024-3847
- Update to 109.0.5097.80
* DNA-115738 Crash at extensions::ExtensionRegistry::
GetExtensionById(std::__Cr::basic_string const&, int)
* DNA-115797 [Flow] Never ending loading while connecting to flow
* DNA-116315 Chat GPT in Sidebar Panel doesn’t work
- Update to 109.0.5097.59
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-115810 Enable #drag-multiple-tabs on all streams
- Update to 109.0.5097.45
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-114737 [Search box] It's getting blurred when click
on it, also lower corners are not rounded sometimes
* DNA-115042 '+' button is not responsive when 30+ tabs opened
* DNA-115326 Wrong fonts and padding after intake
* DNA-115392 [Badges] Text displayed in red
* DNA-115501 'Review your payment' native popup has wrong colors
* DNA-115809 Enable #show-duplicate-indicator-on-link on
all streams
Patchnames
openSUSE-2024-128
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\n- Update to 110.0.5130.23\n\n * CHR-9706 Update Chromium on desktop-stable-124-5130 to\n 124.0.6367.62\n * DNA-116450 Promote 110 to stable\n\n- Complete Opera 110 changelog at:\n https://blogs.opera.com/desktop/changelog-for-110/\n\n- The update to chromium 124.0.6367.62 fixes following issues: \n\n CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3834,\n CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840,\n CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845,\n CVE-2024-3846, CVE-2024-3847\n\n- Update to 109.0.5097.80\n\n * DNA-115738 Crash at extensions::ExtensionRegistry::\n GetExtensionById(std::__Cr::basic_string const\u0026, int)\n * DNA-115797 [Flow] Never ending loading while connecting to flow\n * DNA-116315 Chat GPT in Sidebar Panel doesn\u2019t work\n\n- Update to 109.0.5097.59\n\n * CHR-9416 Updating Chromium on desktop-stable-* branches\n * DNA-115810 Enable #drag-multiple-tabs on all streams\n\n- Update to 109.0.5097.45\n\n * CHR-9416 Updating Chromium on desktop-stable-* branches\n * DNA-114737 [Search box] It\u0027s getting blurred when click\n on it, also lower corners are not rounded sometimes\n * DNA-115042 \u0027+\u0027 button is not responsive when 30+ tabs opened\n * DNA-115326 Wrong fonts and padding after intake\n * DNA-115392 [Badges] Text displayed in red\n * DNA-115501 \u0027Review your payment\u0027 native popup has wrong colors\n * DNA-115809 Enable #show-duplicate-indicator-on-link on\n all streams\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-128",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0128-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0128-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVLMJIQMVDQI2D33EDKB65KEXN6OMIRX/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0128-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVLMJIQMVDQI2D33EDKB65KEXN6OMIRX/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3832 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3833 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3838 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3839 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3843 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3844 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3845 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3847 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3914 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3914/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2024-05-16T11:13:38Z",
"generator": {
"date": "2024-05-16T11:13:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0128-1",
"initial_release_date": "2024-05-16T11:13:38Z",
"revision_history": [
{
"date": "2024-05-16T11:13:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-110.0.5130.23-lp155.3.45.1.x86_64",
"product": {
"name": "opera-110.0.5130.23-lp155.3.45.1.x86_64",
"product_id": "opera-110.0.5130.23-lp155.3.45.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.5 NonFree",
"product": {
"name": "openSUSE Leap 15.5 NonFree",
"product_id": "openSUSE Leap 15.5 NonFree"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-110.0.5130.23-lp155.3.45.1.x86_64 as component of openSUSE Leap 15.5 NonFree",
"product_id": "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
},
"product_reference": "opera-110.0.5130.23-lp155.3.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3832"
}
],
"notes": [
{
"category": "general",
"text": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3832",
"url": "https://www.suse.com/security/cve/CVE-2024-3832"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3832",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3832"
},
{
"cve": "CVE-2024-3833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3833"
}
],
"notes": [
{
"category": "general",
"text": "Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3833",
"url": "https://www.suse.com/security/cve/CVE-2024-3833"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3833",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3833"
},
{
"cve": "CVE-2024-3834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3834"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3834",
"url": "https://www.suse.com/security/cve/CVE-2024-3834"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3834",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3834"
},
{
"cve": "CVE-2024-3837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3837"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3837",
"url": "https://www.suse.com/security/cve/CVE-2024-3837"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3837",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3837"
},
{
"cve": "CVE-2024-3838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3838"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3838",
"url": "https://www.suse.com/security/cve/CVE-2024-3838"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3838",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3838"
},
{
"cve": "CVE-2024-3839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3839"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3839",
"url": "https://www.suse.com/security/cve/CVE-2024-3839"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3839",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3839"
},
{
"cve": "CVE-2024-3840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3840"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3840",
"url": "https://www.suse.com/security/cve/CVE-2024-3840"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3840",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3840"
},
{
"cve": "CVE-2024-3841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3841"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3841",
"url": "https://www.suse.com/security/cve/CVE-2024-3841"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3841",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3841"
},
{
"cve": "CVE-2024-3843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3843"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3843",
"url": "https://www.suse.com/security/cve/CVE-2024-3843"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3843",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3843"
},
{
"cve": "CVE-2024-3844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3844"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3844",
"url": "https://www.suse.com/security/cve/CVE-2024-3844"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3844",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3844"
},
{
"cve": "CVE-2024-3845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3845"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3845",
"url": "https://www.suse.com/security/cve/CVE-2024-3845"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3845",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3845"
},
{
"cve": "CVE-2024-3846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3846"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3846",
"url": "https://www.suse.com/security/cve/CVE-2024-3846"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3846",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3846"
},
{
"cve": "CVE-2024-3847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3847"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3847",
"url": "https://www.suse.com/security/cve/CVE-2024-3847"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3847",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3847"
},
{
"cve": "CVE-2024-3914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3914"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3914",
"url": "https://www.suse.com/security/cve/CVE-2024-3914"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3914",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-16T11:13:38Z",
"details": "critical"
}
],
"title": "CVE-2024-3914"
}
]
}
fkie_cve-2024-3832
Vulnerability from fkie_nvd
Published
2024-04-17 08:15
Modified
2025-03-14 01:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
References
| ▶ | URL | Tags | |
|---|---|---|---|
| chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html | Release Notes | |
| chrome-cve-admin@google.com | https://issues.chromium.org/issues/331358160 | Exploit, Issue Tracking | |
| chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/ | Mailing List | |
| chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/ | Mailing List | |
| chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.chromium.org/issues/331358160 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/ | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| fedoraproject | fedora | 40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB90495-B48B-4020-A2CC-51D77CABEB72",
"versionEndExcluding": "124.0.6367.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "La corrupci\u00f3n de objetos en V8 en Google Chrome anterior a 124.0.6367.60 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de objetos a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"id": "CVE-2024-3832",
"lastModified": "2025-03-14T01:15:40.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-17T08:15:10.190",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://issues.chromium.org/issues/331358160"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://issues.chromium.org/issues/331358160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…