Upstream information

CVE-2024-1671 at MITRE

Description

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v3 Scores
  National Vulnerability Database
Base Score 6.5
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Impact None
Integrity Impact High
Availability Impact None
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1220131 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP5
  • chromedriver >= 122.0.6261.128-bp155.2.75.1
  • chromium >= 122.0.6261.128-bp155.2.75.1
  • clang17 >= 17.0.6-bp155.2.2
  • clang17-devel >= 17.0.6-bp155.2.2
  • clang17-doc >= 17.0.6-bp155.2.2
  • libLLVM17 >= 17.0.6-bp155.2.2
  • libLLVM17-32bit >= 17.0.6-bp155.2.2
  • libLLVM17-64bit >= 17.0.6-bp155.2.2
  • libLTO17 >= 17.0.6-bp155.2.2
  • libclang-cpp17 >= 17.0.6-bp155.2.2
  • libclang-cpp17-32bit >= 17.0.6-bp155.2.2
  • libclang-cpp17-64bit >= 17.0.6-bp155.2.2
  • liblldb17 >= 17.0.6-bp155.2.2
  • libomp17-devel >= 17.0.6-bp155.2.2
  • lld17 >= 17.0.6-bp155.2.2
  • lldb17 >= 17.0.6-bp155.2.2
  • lldb17-devel >= 17.0.6-bp155.2.2
  • llvm17 >= 17.0.6-bp155.2.2
  • llvm17-devel >= 17.0.6-bp155.2.2
  • llvm17-doc >= 17.0.6-bp155.2.2
  • llvm17-gold >= 17.0.6-bp155.2.2
  • llvm17-libc++-devel >= 17.0.6-bp155.2.2
  • llvm17-libc++1 >= 17.0.6-bp155.2.2
  • llvm17-libc++abi-devel >= 17.0.6-bp155.2.2
  • llvm17-libc++abi1 >= 17.0.6-bp155.2.2
  • llvm17-libclang13 >= 17.0.6-bp155.2.2
  • llvm17-opt-viewer >= 17.0.6-bp155.2.2
  • llvm17-polly >= 17.0.6-bp155.2.2
  • llvm17-polly-devel >= 17.0.6-bp155.2.2
  • llvm17-vim-plugins >= 17.0.6-bp155.2.2
  • python3-clang17 >= 17.0.6-bp155.2.2
  • python3-lldb17 >= 17.0.6-bp155.2.2
Patchnames:
openSUSE-2024-84
openSUSE Leap 15.5
  • chromedriver >= 122.0.6261.128-bp155.2.75.1
  • chromium >= 122.0.6261.128-bp155.2.75.1
  • clang17 >= 17.0.6-bp155.2.2
  • clang17-devel >= 17.0.6-bp155.2.2
  • clang17-doc >= 17.0.6-bp155.2.2
  • libLLVM17 >= 17.0.6-bp155.2.2
  • libLLVM17-32bit >= 17.0.6-bp155.2.2
  • libLLVM17-64bit >= 17.0.6-bp155.2.2
  • libLTO17 >= 17.0.6-bp155.2.2
  • libclang-cpp17 >= 17.0.6-bp155.2.2
  • libclang-cpp17-32bit >= 17.0.6-bp155.2.2
  • libclang-cpp17-64bit >= 17.0.6-bp155.2.2
  • liblldb17 >= 17.0.6-bp155.2.2
  • libomp17-devel >= 17.0.6-bp155.2.2
  • lld17 >= 17.0.6-bp155.2.2
  • lldb17 >= 17.0.6-bp155.2.2
  • lldb17-devel >= 17.0.6-bp155.2.2
  • llvm17 >= 17.0.6-bp155.2.2
  • llvm17-devel >= 17.0.6-bp155.2.2
  • llvm17-doc >= 17.0.6-bp155.2.2
  • llvm17-gold >= 17.0.6-bp155.2.2
  • llvm17-libc++-devel >= 17.0.6-bp155.2.2
  • llvm17-libc++1 >= 17.0.6-bp155.2.2
  • llvm17-libc++abi-devel >= 17.0.6-bp155.2.2
  • llvm17-libc++abi1 >= 17.0.6-bp155.2.2
  • llvm17-libclang13 >= 17.0.6-bp155.2.2
  • llvm17-opt-viewer >= 17.0.6-bp155.2.2
  • llvm17-polly >= 17.0.6-bp155.2.2
  • llvm17-polly-devel >= 17.0.6-bp155.2.2
  • llvm17-vim-plugins >= 17.0.6-bp155.2.2
  • python3-clang17 >= 17.0.6-bp155.2.2
  • python3-lldb17 >= 17.0.6-bp155.2.2
Patchnames:
openSUSE-2024-84
openSUSE Tumbleweed
  • chromedriver >= 122.0.6261.111-1.1
  • chromium >= 122.0.6261.111-1.1
  • ungoogled-chromium >= 122.0.6261.111-1.1
  • ungoogled-chromium-chromedriver >= 122.0.6261.111-1.1
Patchnames:
openSUSE-Tumbleweed-2024-13764
openSUSE-Tumbleweed-2024-13766


SUSE Timeline for this CVE

CVE page created: Wed Feb 21 09:30:13 2024
CVE page last modified: Fri Dec 6 17:50:49 2024