Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-4368 (GCVE-0-2024-4368)
Vulnerability from cvelistv5
Published
2024-05-01 12:50
Modified
2025-03-13 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use after free
Summary
Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chrome",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-04T04:00:10.202187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:56:06.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://issues.chromium.org/issues/333508731"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "124.0.6367.118",
"status": "affected",
"version": "124.0.6367.118",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:06:47.857Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html"
},
{
"url": "https://issues.chromium.org/issues/333508731"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-4368",
"datePublished": "2024-05-01T12:50:38.859Z",
"dateReserved": "2024-04-30T19:12:53.226Z",
"dateUpdated": "2025-03-13T19:56:06.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4368\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2024-05-01T13:15:52.390\",\"lastModified\":\"2025-03-13T20:15:23.683\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"},{\"lang\":\"es\",\"value\":\"El use after free en Dawn en Google Chrome anterior a 124.0.6367.118 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"124.0.6367.118\",\"matchCriteriaId\":\"6581DD86-223C-40F6-8879-D7E358A355AE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://issues.chromium.org/issues/333508731\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://issues.chromium.org/issues/333508731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://issues.chromium.org/issues/333508731\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:40:47.038Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4368\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-04T04:00:10.202187Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*\"], \"vendor\": \"google\", \"product\": \"chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-01T15:09:04.480Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"124.0.6367.118\", \"lessThan\": \"124.0.6367.118\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html\"}, {\"url\": \"https://issues.chromium.org/issues/333508731\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Use after free\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2024-06-10T17:06:47.857Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-4368\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-13T19:56:06.412Z\", \"dateReserved\": \"2024-04-30T19:12:53.226Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2024-05-01T12:50:38.859Z\", \"assignerShortName\": \"Chrome\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2024-4368
Vulnerability from fkie_nvd
Published
2024-05-01 13:15
Modified
2025-03-13 20:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
| ▶ | URL | Tags | |
|---|---|---|---|
| chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html | Release Notes | |
| chrome-cve-admin@google.com | https://issues.chromium.org/issues/333508731 | Exploit, Issue Tracking | |
| chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/ | Mailing List | |
| chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/ | Mailing List | |
| chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/ | Mailing List | |
| chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/ | Mailing List | |
| chrome-cve-admin@google.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.chromium.org/issues/333508731 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/ | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| fedoraproject | fedora | 40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6581DD86-223C-40F6-8879-D7E358A355AE",
"versionEndExcluding": "124.0.6367.118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "El use after free en Dawn en Google Chrome anterior a 124.0.6367.118 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"id": "CVE-2024-4368",
"lastModified": "2025-03-13T20:15:23.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-01T13:15:52.390",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://issues.chromium.org/issues/333508731"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://issues.chromium.org/issues/333508731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
wid-sec-w-2024-1011
Vulnerability from csaf_certbund
Published
2024-05-01 22:00
Modified
2024-12-08 23:00
Summary
Google Chrome / Microsoft Edge: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Edge ist ein Internet-Browser von Microsoft.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome / Microsoft Edge ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome / Microsoft Edge ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1011 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1011.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1011 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1011"
},
{
"category": "external",
"summary": "Chrome Stable Channel Update vom 2024-05-01",
"url": "http://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-808F3961EF vom 2024-05-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-808f3961ef"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-191C252B75 vom 2024-05-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-191c252b75"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-5483BC2ADB vom 2024-05-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5483bc2adb"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-5CF9499B62 vom 2024-05-02",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5cf9499b62"
},
{
"category": "external",
"summary": "Release notes for Microsoft Edge Security Updates vom 2024-05-02",
"url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-4EDAF658B7 vom 2024-05-05",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-4edaf658b7"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-55E7E839F1 vom 2024-05-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-55e7e839f1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-F93392509C vom 2024-05-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-f93392509c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-F74FBCE604 vom 2024-05-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f74fbce604"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-AC000E6379 vom 2024-05-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-ac000e6379"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-92780A83F9 vom 2024-05-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-92780a83f9"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0123-1 vom 2024-05-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2S7S4HVABEMIRHPQD4H3O6EA36PLCUCI/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-DF7E365B4A vom 2024-05-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-df7e365b4a"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:0123-1 vom 2024-05-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2S7S4HVABEMIRHPQD4H3O6EA36PLCUCI/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-E94A7220F2 vom 2024-05-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e94a7220f2"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-3A548F46A8 vom 2024-05-16",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-3a548f46a8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-1FB3CEC2E0 vom 2024-05-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1fb3cec2e0"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-38D250BAFC vom 2024-05-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-38d250bafc"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-3184C14A07 vom 2024-05-23",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-3184c14a07"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-1A95B76E46 vom 2024-05-23",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1a95b76e46"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202412-05 vom 2024-12-07",
"url": "https://security.gentoo.org/glsa/202412-05"
}
],
"source_lang": "en-US",
"title": "Google Chrome / Microsoft Edge: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2024-12-08T23:00:00.000+00:00",
"generator": {
"date": "2024-12-09T09:20:30.110+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-1011",
"initial_release_date": "2024-05-01T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-02T22:00:00.000+00:00",
"number": "2",
"summary": "Microsoft Edge hnzugef\u00fcgt"
},
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-05-12T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von openSUSE und Fedora aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-05-23T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c124.0.6367.118",
"product": {
"name": "Google Chrome \u003c124.0.6367.118",
"product_id": "T034469"
}
},
{
"category": "product_version",
"name": "124.0.6367.118",
"product": {
"name": "Google Chrome 124.0.6367.118",
"product_id": "T034469-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:124.0.6367.118"
}
}
},
{
"category": "product_version_range",
"name": "\u003c124.0.6367.119",
"product": {
"name": "Google Chrome \u003c124.0.6367.119",
"product_id": "T034470"
}
},
{
"category": "product_version",
"name": "124.0.6367.119",
"product": {
"name": "Google Chrome 124.0.6367.119",
"product_id": "T034470-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:124.0.6367.119"
}
}
}
],
"category": "product_name",
"name": "Chrome"
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c124.0.2478.80",
"product": {
"name": "Microsoft Edge \u003c124.0.2478.80",
"product_id": "T034529"
}
},
{
"category": "product_version",
"name": "124.0.2478.80",
"product": {
"name": "Microsoft Edge 124.0.2478.80",
"product_id": "T034529-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:124.0.2478.80"
}
}
}
],
"category": "product_name",
"name": "Edge"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-4331",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Google Chrome / Microsoft Edge. Diese ist auf mehrere Use-after-Free-Fehler zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T034469",
"T034529",
"T027843",
"T012167",
"T034470",
"74185"
]
},
"release_date": "2024-05-01T22:00:00.000+00:00",
"title": "CVE-2024-4331"
},
{
"cve": "CVE-2024-4368",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Google Chrome / Microsoft Edge. Diese ist auf mehrere Use-after-Free-Fehler zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T034469",
"T034529",
"T027843",
"T012167",
"T034470",
"74185"
]
},
"release_date": "2024-05-01T22:00:00.000+00:00",
"title": "CVE-2024-4368"
}
]
}
ghsa-5jhr-gg3j-ggcf
Vulnerability from github
Published
2024-05-01 15:30
Modified
2024-07-03 18:38
Severity ?
VLAI Severity ?
Details
Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-4368"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T13:15:52Z",
"severity": "MODERATE"
},
"details": "Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-5jhr-gg3j-ggcf",
"modified": "2024-07-03T18:38:09Z",
"published": "2024-05-01T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/333508731"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
opensuse-su-2024:13953-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
chromedriver-124.0.6367.201-1.1 on GA media
Notes
Title of the patch
chromedriver-124.0.6367.201-1.1 on GA media
Description of the patch
These are all security issues fixed in the chromedriver-124.0.6367.201-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13953
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "chromedriver-124.0.6367.201-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the chromedriver-124.0.6367.201-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13953",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13953-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2625 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2626 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2627 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2627/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2628 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2883 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2883/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2885 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2886 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2887 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3156 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3157 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3158 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3158/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3159 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3515 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3516 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3832 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3833 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3834 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3837 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3837/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3838 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3838/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3839 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3840 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3841 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3843 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3843/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3844 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3845 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3846 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3847 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4058 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4059 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4060 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4331 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4368 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4558 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4559 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4671 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4671/"
}
],
"title": "chromedriver-124.0.6367.201-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13953-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-124.0.6367.201-1.1.aarch64",
"product": {
"name": "chromedriver-124.0.6367.201-1.1.aarch64",
"product_id": "chromedriver-124.0.6367.201-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-124.0.6367.201-1.1.aarch64",
"product": {
"name": "chromium-124.0.6367.201-1.1.aarch64",
"product_id": "chromium-124.0.6367.201-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-124.0.6367.201-1.1.ppc64le",
"product": {
"name": "chromedriver-124.0.6367.201-1.1.ppc64le",
"product_id": "chromedriver-124.0.6367.201-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chromium-124.0.6367.201-1.1.ppc64le",
"product": {
"name": "chromium-124.0.6367.201-1.1.ppc64le",
"product_id": "chromium-124.0.6367.201-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-124.0.6367.201-1.1.s390x",
"product": {
"name": "chromedriver-124.0.6367.201-1.1.s390x",
"product_id": "chromedriver-124.0.6367.201-1.1.s390x"
}
},
{
"category": "product_version",
"name": "chromium-124.0.6367.201-1.1.s390x",
"product": {
"name": "chromium-124.0.6367.201-1.1.s390x",
"product_id": "chromium-124.0.6367.201-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-124.0.6367.201-1.1.x86_64",
"product": {
"name": "chromedriver-124.0.6367.201-1.1.x86_64",
"product_id": "chromedriver-124.0.6367.201-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-124.0.6367.201-1.1.x86_64",
"product": {
"name": "chromium-124.0.6367.201-1.1.x86_64",
"product_id": "chromium-124.0.6367.201-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-124.0.6367.201-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64"
},
"product_reference": "chromedriver-124.0.6367.201-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-124.0.6367.201-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le"
},
"product_reference": "chromedriver-124.0.6367.201-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-124.0.6367.201-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x"
},
"product_reference": "chromedriver-124.0.6367.201-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-124.0.6367.201-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64"
},
"product_reference": "chromedriver-124.0.6367.201-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-124.0.6367.201-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64"
},
"product_reference": "chromium-124.0.6367.201-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-124.0.6367.201-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le"
},
"product_reference": "chromium-124.0.6367.201-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-124.0.6367.201-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x"
},
"product_reference": "chromium-124.0.6367.201-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-124.0.6367.201-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
},
"product_reference": "chromium-124.0.6367.201-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2625"
}
],
"notes": [
{
"category": "general",
"text": "Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2625",
"url": "https://www.suse.com/security/cve/CVE-2024-2625"
},
{
"category": "external",
"summary": "SUSE Bug 1221732 for CVE-2024-2625",
"url": "https://bugzilla.suse.com/1221732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2625"
},
{
"cve": "CVE-2024-2626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2626"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2626",
"url": "https://www.suse.com/security/cve/CVE-2024-2626"
},
{
"category": "external",
"summary": "SUSE Bug 1221732 for CVE-2024-2626",
"url": "https://bugzilla.suse.com/1221732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2626"
},
{
"cve": "CVE-2024-2627",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2627"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2627",
"url": "https://www.suse.com/security/cve/CVE-2024-2627"
},
{
"category": "external",
"summary": "SUSE Bug 1221732 for CVE-2024-2627",
"url": "https://bugzilla.suse.com/1221732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2627"
},
{
"cve": "CVE-2024-2628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2628"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2628",
"url": "https://www.suse.com/security/cve/CVE-2024-2628"
},
{
"category": "external",
"summary": "SUSE Bug 1221732 for CVE-2024-2628",
"url": "https://bugzilla.suse.com/1221732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2628"
},
{
"cve": "CVE-2024-2883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2883"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2883",
"url": "https://www.suse.com/security/cve/CVE-2024-2883"
},
{
"category": "external",
"summary": "SUSE Bug 1222035 for CVE-2024-2883",
"url": "https://bugzilla.suse.com/1222035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2883"
},
{
"cve": "CVE-2024-2885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2885"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2885",
"url": "https://www.suse.com/security/cve/CVE-2024-2885"
},
{
"category": "external",
"summary": "SUSE Bug 1222035 for CVE-2024-2885",
"url": "https://bugzilla.suse.com/1222035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2885"
},
{
"cve": "CVE-2024-2886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2886"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2886",
"url": "https://www.suse.com/security/cve/CVE-2024-2886"
},
{
"category": "external",
"summary": "SUSE Bug 1222035 for CVE-2024-2886",
"url": "https://bugzilla.suse.com/1222035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2886"
},
{
"cve": "CVE-2024-2887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2887"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2887",
"url": "https://www.suse.com/security/cve/CVE-2024-2887"
},
{
"category": "external",
"summary": "SUSE Bug 1222035 for CVE-2024-2887",
"url": "https://bugzilla.suse.com/1222035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-2887"
},
{
"cve": "CVE-2024-3156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3156"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3156",
"url": "https://www.suse.com/security/cve/CVE-2024-3156"
},
{
"category": "external",
"summary": "SUSE Bug 1222260 for CVE-2024-3156",
"url": "https://bugzilla.suse.com/1222260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-3156"
},
{
"cve": "CVE-2024-3157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3157"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3157",
"url": "https://www.suse.com/security/cve/CVE-2024-3157"
},
{
"category": "external",
"summary": "SUSE Bug 1222707 for CVE-2024-3157",
"url": "https://bugzilla.suse.com/1222707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3157"
},
{
"cve": "CVE-2024-3158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3158"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3158",
"url": "https://www.suse.com/security/cve/CVE-2024-3158"
},
{
"category": "external",
"summary": "SUSE Bug 1222260 for CVE-2024-3158",
"url": "https://bugzilla.suse.com/1222260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-3158"
},
{
"cve": "CVE-2024-3159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3159"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3159",
"url": "https://www.suse.com/security/cve/CVE-2024-3159"
},
{
"category": "external",
"summary": "SUSE Bug 1222260 for CVE-2024-3159",
"url": "https://bugzilla.suse.com/1222260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-3159"
},
{
"cve": "CVE-2024-3515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3515"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3515",
"url": "https://www.suse.com/security/cve/CVE-2024-3515"
},
{
"category": "external",
"summary": "SUSE Bug 1222707 for CVE-2024-3515",
"url": "https://bugzilla.suse.com/1222707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3515"
},
{
"cve": "CVE-2024-3516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3516"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3516",
"url": "https://www.suse.com/security/cve/CVE-2024-3516"
},
{
"category": "external",
"summary": "SUSE Bug 1222707 for CVE-2024-3516",
"url": "https://bugzilla.suse.com/1222707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3516"
},
{
"cve": "CVE-2024-3832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3832"
}
],
"notes": [
{
"category": "general",
"text": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3832",
"url": "https://www.suse.com/security/cve/CVE-2024-3832"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3832",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3832"
},
{
"cve": "CVE-2024-3833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3833"
}
],
"notes": [
{
"category": "general",
"text": "Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3833",
"url": "https://www.suse.com/security/cve/CVE-2024-3833"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3833",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3833"
},
{
"cve": "CVE-2024-3834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3834"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3834",
"url": "https://www.suse.com/security/cve/CVE-2024-3834"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3834",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3834"
},
{
"cve": "CVE-2024-3837",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3837"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3837",
"url": "https://www.suse.com/security/cve/CVE-2024-3837"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3837",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3837"
},
{
"cve": "CVE-2024-3838",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3838"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3838",
"url": "https://www.suse.com/security/cve/CVE-2024-3838"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3838",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3838"
},
{
"cve": "CVE-2024-3839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3839"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3839",
"url": "https://www.suse.com/security/cve/CVE-2024-3839"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3839",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3839"
},
{
"cve": "CVE-2024-3840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3840"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3840",
"url": "https://www.suse.com/security/cve/CVE-2024-3840"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3840",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3840"
},
{
"cve": "CVE-2024-3841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3841"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3841",
"url": "https://www.suse.com/security/cve/CVE-2024-3841"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3841",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3841"
},
{
"cve": "CVE-2024-3843",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3843"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3843",
"url": "https://www.suse.com/security/cve/CVE-2024-3843"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3843",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3843"
},
{
"cve": "CVE-2024-3844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3844"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3844",
"url": "https://www.suse.com/security/cve/CVE-2024-3844"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3844",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3844"
},
{
"cve": "CVE-2024-3845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3845"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3845",
"url": "https://www.suse.com/security/cve/CVE-2024-3845"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3845",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3845"
},
{
"cve": "CVE-2024-3846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3846"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3846",
"url": "https://www.suse.com/security/cve/CVE-2024-3846"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3846",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3846"
},
{
"cve": "CVE-2024-3847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3847"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3847",
"url": "https://www.suse.com/security/cve/CVE-2024-3847"
},
{
"category": "external",
"summary": "SUSE Bug 1222958 for CVE-2024-3847",
"url": "https://bugzilla.suse.com/1222958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-3847"
},
{
"cve": "CVE-2024-4058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4058"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4058",
"url": "https://www.suse.com/security/cve/CVE-2024-4058"
},
{
"category": "external",
"summary": "SUSE Bug 1223845 for CVE-2024-4058",
"url": "https://bugzilla.suse.com/1223845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4058"
},
{
"cve": "CVE-2024-4059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4059"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4059",
"url": "https://www.suse.com/security/cve/CVE-2024-4059"
},
{
"category": "external",
"summary": "SUSE Bug 1223845 for CVE-2024-4059",
"url": "https://bugzilla.suse.com/1223845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4059"
},
{
"cve": "CVE-2024-4060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4060"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4060",
"url": "https://www.suse.com/security/cve/CVE-2024-4060"
},
{
"category": "external",
"summary": "SUSE Bug 1223845 for CVE-2024-4060",
"url": "https://bugzilla.suse.com/1223845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4060"
},
{
"cve": "CVE-2024-4331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4331"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4331",
"url": "https://www.suse.com/security/cve/CVE-2024-4331"
},
{
"category": "external",
"summary": "SUSE Bug 1223846 for CVE-2024-4331",
"url": "https://bugzilla.suse.com/1223846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4331"
},
{
"cve": "CVE-2024-4368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4368"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4368",
"url": "https://www.suse.com/security/cve/CVE-2024-4368"
},
{
"category": "external",
"summary": "SUSE Bug 1223846 for CVE-2024-4368",
"url": "https://bugzilla.suse.com/1223846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-4368"
},
{
"cve": "CVE-2024-4558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4558"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4558",
"url": "https://www.suse.com/security/cve/CVE-2024-4558"
},
{
"category": "external",
"summary": "SUSE Bug 1224045 for CVE-2024-4558",
"url": "https://bugzilla.suse.com/1224045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-4558"
},
{
"cve": "CVE-2024-4559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4559"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4559",
"url": "https://www.suse.com/security/cve/CVE-2024-4559"
},
{
"category": "external",
"summary": "SUSE Bug 1224045 for CVE-2024-4559",
"url": "https://bugzilla.suse.com/1224045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-4559"
},
{
"cve": "CVE-2024-4671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4671"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4671",
"url": "https://www.suse.com/security/cve/CVE-2024-4671"
},
{
"category": "external",
"summary": "SUSE Bug 1224208 for CVE-2024-4671",
"url": "https://bugzilla.suse.com/1224208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-124.0.6367.201-1.1.x86_64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.aarch64",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.s390x",
"openSUSE Tumbleweed:chromium-124.0.6367.201-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-4671"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…