GoogleOSV:OPENSUSE-SU-2024:0254-2Security update for chromium, gn, rust-bindgen
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
This update for chromium, gn, rust-bindgen fixes the following issues:
-
Chromium 127.0.6533.119 (boo#1228941)
- CVE-2024-7532: Out of bounds memory access in ANGLE
- CVE-2024-7533: Use after free in Sharing
- CVE-2024-7550: Type Confusion in V8
- CVE-2024-7534: Heap buffer overflow in Layout
- CVE-2024-7535: Inappropriate implementation in V8
- CVE-2024-7536: Use after free in WebAudio
-
Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
- CVE-2024-6988: Use after free in Downloads
- CVE-2024-6989: Use after free in Loader
- CVE-2024-6991: Use after free in Dawn
- CVE-2024-6992: Out of bounds memory access in ANGLE
- CVE-2024-6993: Inappropriate implementation in Canvas
- CVE-2024-6994: Heap buffer overflow in Layout
- CVE-2024-6995: Inappropriate implementation in Fullscreen
- CVE-2024-6996: Race in Frames
- CVE-2024-6997: Use after free in Tabs
- CVE-2024-6998: Use after free in User Education
- CVE-2024-6999: Inappropriate implementation in FedCM
- CVE-2024-7000: Use after free in CSS. Reported by Anonymous
- CVE-2024-7001: Inappropriate implementation in HTML
- CVE-2024-7003: Inappropriate implementation in FedCM
- CVE-2024-7004: Insufficient validation of untrusted input
in Safe Browsing - CVE-2024-7005: Insufficient validation of untrusted input
in Safe Browsing - CVE-2024-6990: Uninitialized Use in Dawn
- CVE-2024-7255: Out of bounds read in WebTransport
- CVE-2024-7256: Insufficient data validation in Dawn
gh:
- Update to version 0.20240730:
- Rust: link_output, depend_output and runtime_outputs for dylibs
- Add missing reference section to function_toolchain.cc
- Do not cleanup args.gn imports located in the output directory.
- Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
- Do not add native dependencies to the library search path
- Support linking frameworks and swiftmodules in Rust targets
- [desc] Silence print() statements when outputing json
- infra: Move CI/try builds to Ubuntu-22.04
- [MinGW] Fix mingw building issues
- [gn] Fix ‘link’ in the //examples/simple_build/build/toolchain/BUILD.gn
- [template] Fix ‘rule alink_thin’ in the //build/build_linux.ninja.template
- Allow multiple --ide switches
- [src] Add ‘#include <limits>’ in the //src/base/files/file_enumerator_win.cc
- Get updates to infra/recipes.py from upstream
- Revert ‘Teach gn to handle systems with > 64 processors’
- [apple] Rename the code-signing properties of create_bundle
- Fix a typo in ‘gn help refs’ output
- Revert ‘[bundle] Use ‘phony’ builtin tool for create_bundle targets’
- [bundle] Use ‘phony’ builtin tool for create_bundle targets
- [ios] Simplify handling of assets catalog
- [swift] List all outputs as deps of ‘source_set’ stamp file
- [swift] Update
gn check ...to consider the generated header - [swift] Set
restat = 1to swift build rules - Fix build with gcc12
- [label_matches] Add new functions label_matches(), filter_labels_include() and filter_labels_exclude()
- [swift] Remove problematic use of ‘stamp’ tool
- Implement new --ninja-outputs-file option.
- Add NinjaOutputsWriter class
- Move InvokePython() function to its own source file.
- zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat
- Enable C++ runtime assertions in debug mode.
- Fix regression in MakeRelativePath()
- fix: Fix Windows MakeRelativePath.
- Add long path support for windows
- Ensure read_file() files are considered by ‘gn analyze’
- apply 2to3 to for some Python scripts
- Add rustflags to desc and help output
- strings: support case insensitive check only in StartsWith/EndsWith
- add .git-blame-ignore-revs
- use std::{string,string_view}::{starts_with,ends_with}
- apply clang-format to all C++ sources
- add forward declaration in rust_values.h
- Add
root_patternslist to build configuration. - Use c++20 in GN build
- update windows sdk to 2024-01-11
- update windows sdk
- Add linux-riscv64.
- Update OWNERS list.
- remove unused function
- Ignore build warning -Werror=redundant-move
- Fix --as=buildfile
gn desc depsoutput. - Update recipe engine to 9dea1246.
- treewide: Fix spelling mistakes
Added rust-bindgen:
- Version 0.69.1
References
bugzilla.suse.com/1228628
bugzilla.suse.com/1228940
bugzilla.suse.com/1228941
bugzilla.suse.com/1228942
lists.opensuse.org/archives/list/[email protected]/thread/KC4DDO3O7C7P2VVA7A7WIO5RVISNZ3HV/
www.suse.com/security/cve/CVE-2024-6988
www.suse.com/security/cve/CVE-2024-6989
www.suse.com/security/cve/CVE-2024-6990
www.suse.com/security/cve/CVE-2024-6991
www.suse.com/security/cve/CVE-2024-6992
www.suse.com/security/cve/CVE-2024-6993
www.suse.com/security/cve/CVE-2024-6994
www.suse.com/security/cve/CVE-2024-6995
www.suse.com/security/cve/CVE-2024-6996
www.suse.com/security/cve/CVE-2024-6997
www.suse.com/security/cve/CVE-2024-6998
www.suse.com/security/cve/CVE-2024-6999
www.suse.com/security/cve/CVE-2024-7000
www.suse.com/security/cve/CVE-2024-7001
www.suse.com/security/cve/CVE-2024-7003
www.suse.com/security/cve/CVE-2024-7004
www.suse.com/security/cve/CVE-2024-7005
www.suse.com/security/cve/CVE-2024-7255
www.suse.com/security/cve/CVE-2024-7256
www.suse.com/security/cve/CVE-2024-7532
www.suse.com/security/cve/CVE-2024-7533
www.suse.com/security/cve/CVE-2024-7534
www.suse.com/security/cve/CVE-2024-7535
www.suse.com/security/cve/CVE-2024-7536
www.suse.com/security/cve/CVE-2024-7550
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High