rpm package
opensuse/chromium&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.4
Vulnerabilities (403)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3732 | — | < 115.0.5790.102-bp155.2.13.1 | 115.0.5790.102-bp155.2.13.1 | Aug 1, 2023 | Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3730 | — | < 115.0.5790.102-bp155.2.13.1 | 115.0.5790.102-bp155.2.13.1 | Aug 1, 2023 | Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3728 | — | < 115.0.5790.102-bp155.2.13.1 | 115.0.5790.102-bp155.2.13.1 | Aug 1, 2023 | Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3727 | — | < 115.0.5790.102-bp155.2.13.1 | 115.0.5790.102-bp155.2.13.1 | Aug 1, 2023 | Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3422 | — | < 114.0.5735.198-bp155.2.10.1 | 114.0.5735.198-bp155.2.10.1 | Jun 26, 2023 | Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3421 | — | < 114.0.5735.198-bp155.2.10.1 | 114.0.5735.198-bp155.2.10.1 | Jun 26, 2023 | Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3420 | — | < 114.0.5735.198-bp155.2.10.1 | 114.0.5735.198-bp155.2.10.1 | Jun 26, 2023 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3217 | — | < 114.0.5735.133-bp154.2.93.1 | 114.0.5735.133-bp154.2.93.1 | Jun 13, 2023 | Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3216 | — | < 114.0.5735.133-bp154.2.93.1 | 114.0.5735.133-bp154.2.93.1 | Jun 13, 2023 | Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3215 | — | < 114.0.5735.133-bp154.2.93.1 | 114.0.5735.133-bp154.2.93.1 | Jun 13, 2023 | Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3214 | — | < 114.0.5735.133-bp154.2.93.1 | 114.0.5735.133-bp154.2.93.1 | Jun 13, 2023 | Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2023-3079 | — | KEV | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | Jun 5, 2023 | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2023-2941 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low) | ||
| CVE-2023-2940 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2939 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) | ||
| CVE-2023-2938 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2937 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2936 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2935 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2934 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- CVE-2023-3732Aug 1, 2023affected < 115.0.5790.102-bp155.2.13.1fixed 115.0.5790.102-bp155.2.13.1
Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3730Aug 1, 2023affected < 115.0.5790.102-bp155.2.13.1fixed 115.0.5790.102-bp155.2.13.1
Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3728Aug 1, 2023affected < 115.0.5790.102-bp155.2.13.1fixed 115.0.5790.102-bp155.2.13.1
Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3727Aug 1, 2023affected < 115.0.5790.102-bp155.2.13.1fixed 115.0.5790.102-bp155.2.13.1
Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3422Jun 26, 2023affected < 114.0.5735.198-bp155.2.10.1fixed 114.0.5735.198-bp155.2.10.1
Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3421Jun 26, 2023affected < 114.0.5735.198-bp155.2.10.1fixed 114.0.5735.198-bp155.2.10.1
Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3420Jun 26, 2023affected < 114.0.5735.198-bp155.2.10.1fixed 114.0.5735.198-bp155.2.10.1
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3217Jun 13, 2023affected < 114.0.5735.133-bp154.2.93.1fixed 114.0.5735.133-bp154.2.93.1
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3216Jun 13, 2023affected < 114.0.5735.133-bp154.2.93.1fixed 114.0.5735.133-bp154.2.93.1
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3215Jun 13, 2023affected < 114.0.5735.133-bp154.2.93.1fixed 114.0.5735.133-bp154.2.93.1
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3214Jun 13, 2023affected < 114.0.5735.133-bp154.2.93.1fixed 114.0.5735.133-bp154.2.93.1
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2941May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
- CVE-2023-2940May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2939May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
- CVE-2023-2938May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2937May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2936May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2935May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2934May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 6 of 21