openSUSE-SU-2022:10119-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10119-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2022:10119-1
Related
Published
2022-09-12T14:03:27Z
Modified
2022-09-12T14:03:27Z
Summary
Security update for chromium
Details

This update for chromium fixes the following issues:

Chromium 105.0.5195.102 (boo#1203102):

  • CVE-2022-3075: Insufficient data validation in Mojo

Chromium 105.0.5195.52 (boo#1202964):

  • CVE-2022-3038: Use after free in Network Service
  • CVE-2022-3039: Use after free in WebSQL
  • CVE-2022-3040: Use after free in Layout
  • CVE-2022-3041: Use after free in WebSQL
  • CVE-2022-3042: Use after free in PhoneHub
  • CVE-2022-3043: Heap buffer overflow in Screen Capture
  • CVE-2022-3044: Inappropriate implementation in Site Isolation
  • CVE-2022-3045: Insufficient validation of untrusted input in V8
  • CVE-2022-3046: Use after free in Browser Tag
  • CVE-2022-3071: Use after free in Tab Strip
  • CVE-2022-3047: Insufficient policy enforcement in Extensions API
  • CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
  • CVE-2022-3049: Use after free in SplitScreen
  • CVE-2022-3050: Heap buffer overflow in WebUI
  • CVE-2022-3051: Heap buffer overflow in Exosphere
  • CVE-2022-3052: Heap buffer overflow in Window Manager
  • CVE-2022-3053: Inappropriate implementation in Pointer Lock
  • CVE-2022-3054: Insufficient policy enforcement in DevTools
  • CVE-2022-3055: Use after free in Passwords
  • CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
  • CVE-2022-3057: Inappropriate implementation in iframe Sandbox
  • CVE-2022-3058: Use after free in Sign-In Flow

  • Update chromium-symbolic.svg: this fixes boo#1202403.

  • Fix quoting in chrome-wrapper, don't put cwd on LDLIBRARYPATH

References

Affected packages

SUSE:Package Hub 15 SP4 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
105.0.5195.102-bp154.2.26.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "105.0.5195.102-bp154.2.26.1",
            "chromium": "105.0.5195.102-bp154.2.26.1"
        }
    ]
}

openSUSE:Leap 15.4 / chromium

Package

Name
chromium
Purl
purl:rpm/suse/chromium&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
105.0.5195.102-bp154.2.26.1

Ecosystem specific

{
    "binaries": [
        {
            "chromedriver": "105.0.5195.102-bp154.2.26.1",
            "chromium": "105.0.5195.102-bp154.2.26.1"
        }
    ]
}