Upstream information

CVE-2024-3847 at MITRE

Description

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Upstream Security Advisories:

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1222958 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 15.5 NonFree
  • opera >= 110.0.5130.23-lp155.3.45.1
Patchnames:
openSUSE-2024-128
openSUSE Leap 15.6 NonFree
  • opera >= 110.0.5130.64-lp156.2.6.1
Patchnames:
openSUSE-2024-156
openSUSE Tumbleweed
  • chromedriver >= 124.0.6367.201-1.1
  • chromium >= 124.0.6367.201-1.1
Patchnames:
openSUSE Tumbleweed GA chromedriver-124.0.6367.201-1.1


SUSE Timeline for this CVE

CVE page created: Wed Apr 17 13:45:07 2024
CVE page last modified: Mon Jun 10 17:47:14 2024