rpm package
opensuse/chromium&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.4
Vulnerabilities (403)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2933 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2023-2932 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2023-2931 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2023-2930 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2929 | — | < 114.0.5735.106-bp154.2.90.1 | 114.0.5735.106-bp154.2.90.1 | May 30, 2023 | Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2726 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 16, 2023 | Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2725 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 16, 2023 | Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2724 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 16, 2023 | Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2723 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 16, 2023 | Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2722 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 16, 2023 | Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2721 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 16, 2023 | Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2023-2468 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2023-2467 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2023-2466 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2023-2465 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2464 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2463 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2462 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2461 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) | ||
| CVE-2023-2460 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) |
- CVE-2023-2933May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2023-2932May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2023-2931May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2023-2930May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2929May 30, 2023affected < 114.0.5735.106-bp154.2.90.1fixed 114.0.5735.106-bp154.2.90.1
Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2726May 16, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2725May 16, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2724May 16, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2723May 16, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2722May 16, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2721May 16, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2023-2468May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)
- CVE-2023-2467May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)
- CVE-2023-2466May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)
- CVE-2023-2465May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2464May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2463May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2462May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2461May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)
- CVE-2023-2460May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
Page 7 of 21