openSUSE-SU-2022:10120-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10120-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2022:10120-1
- Related
- Published
- 2022-09-12T14:22:32Z
- Modified
- 2022-09-12T14:22:32Z
- Summary
- Security update for chromium
- Details
-
This update for chromium fixes the following issues:
Chromium 105.0.5195.102 (boo#1203102):
- CVE-2022-3075: Insufficient data validation in Mojo
Chromium 105.0.5195.52 (boo#1202964):
- CVE-2022-3038: Use after free in Network Service
- CVE-2022-3039: Use after free in WebSQL
- CVE-2022-3040: Use after free in Layout
- CVE-2022-3041: Use after free in WebSQL
- CVE-2022-3042: Use after free in PhoneHub
- CVE-2022-3043: Heap buffer overflow in Screen Capture
- CVE-2022-3044: Inappropriate implementation in Site Isolation
- CVE-2022-3045: Insufficient validation of untrusted input in V8
- CVE-2022-3046: Use after free in Browser Tag
- CVE-2022-3071: Use after free in Tab Strip
- CVE-2022-3047: Insufficient policy enforcement in Extensions API
- CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
- CVE-2022-3049: Use after free in SplitScreen
- CVE-2022-3050: Heap buffer overflow in WebUI
- CVE-2022-3051: Heap buffer overflow in Exosphere
- CVE-2022-3052: Heap buffer overflow in Window Manager
- CVE-2022-3053: Inappropriate implementation in Pointer Lock
- CVE-2022-3054: Insufficient policy enforcement in DevTools
- CVE-2022-3055: Use after free in Passwords
- CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
- CVE-2022-3057: Inappropriate implementation in iframe Sandbox
CVE-2022-3058: Use after free in Sign-In Flow
Update chromium-symbolic.svg: this fixes boo#1202403.
- Fix quoting in chrome-wrapper, don't put cwd on LDLIBRARYPATH
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2EVLCBABO7RGGUVQCAZPA7MNGKWHWCJN/
- https://bugzilla.suse.com/1202403
- https://bugzilla.suse.com/1202964
- https://bugzilla.suse.com/1203102
- https://www.suse.com/security/cve/CVE-2022-3038
- https://www.suse.com/security/cve/CVE-2022-3039
- https://www.suse.com/security/cve/CVE-2022-3040
- https://www.suse.com/security/cve/CVE-2022-3041
- https://www.suse.com/security/cve/CVE-2022-3042
- https://www.suse.com/security/cve/CVE-2022-3043
- https://www.suse.com/security/cve/CVE-2022-3044
- https://www.suse.com/security/cve/CVE-2022-3045
- https://www.suse.com/security/cve/CVE-2022-3046
- https://www.suse.com/security/cve/CVE-2022-3047
- https://www.suse.com/security/cve/CVE-2022-3048
- https://www.suse.com/security/cve/CVE-2022-3049
- https://www.suse.com/security/cve/CVE-2022-3050
- https://www.suse.com/security/cve/CVE-2022-3051
- https://www.suse.com/security/cve/CVE-2022-3052
- https://www.suse.com/security/cve/CVE-2022-3053
- https://www.suse.com/security/cve/CVE-2022-3054
- https://www.suse.com/security/cve/CVE-2022-3055
- https://www.suse.com/security/cve/CVE-2022-3056
- https://www.suse.com/security/cve/CVE-2022-3057
- https://www.suse.com/security/cve/CVE-2022-3058
- https://www.suse.com/security/cve/CVE-2022-3071
- https://www.suse.com/security/cve/CVE-2022-3075
Affected packages
SUSE:Package Hub 15 SP3 / chromium
Package
- Name
- chromium
- Purl
- purl:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3