Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 97.0.4692.71 (boo#1194331):
- CVE-2022-0096: Use after free in Storage
- CVE-2022-0097: Inappropriate implementation in DevTools
- CVE-2022-0098: Use after free in Screen Capture
- CVE-2022-0099: Use after free in Sign-in
- CVE-2022-0100: Heap buffer overflow in Media streams API
- CVE-2022-0101: Heap buffer overflow in Bookmarks
- CVE-2022-0102: Type Confusion in V8
- CVE-2022-0103: Use after free in SwiftShader
- CVE-2022-0104: Heap buffer overflow in ANGLE
- CVE-2022-0105: Use after free in PDF
- CVE-2022-0106: Use after free in Autofill
- CVE-2022-0107: Use after free in File Manager API
- CVE-2022-0108: Inappropriate implementation in Navigation
- CVE-2022-0109: Inappropriate implementation in Autofill
- CVE-2022-0110: Incorrect security UI in Autofill
- CVE-2022-0111: Inappropriate implementation in Navigation
- CVE-2022-0112: Incorrect security UI in Browser UI
- CVE-2022-0113: Inappropriate implementation in Blink
- CVE-2022-0114: Out of bounds memory access in Web Serial
- CVE-2022-0115: Uninitialized Use in File API
- CVE-2022-0116: Inappropriate implementation in Compositing
- CVE-2022-0117: Policy bypass in Service Workers
- CVE-2022-0118: Inappropriate implementation in WebShare
- CVE-2022-0120: Inappropriate implementation in Passwords
- Revert wayland fixes because it doesn't handle GPU correctly (boo#1194182)
Список пакетов
SUSE Package Hub 15 SP3
openSUSE Leap 15.3
Ссылки
- E-Mail link for openSUSE-SU-2022:0014-1
- SUSE Security Ratings
- SUSE Bug 1194055
- SUSE Bug 1194182
- SUSE Bug 1194331
- SUSE CVE CVE-2022-0096 page
- SUSE CVE CVE-2022-0097 page
- SUSE CVE CVE-2022-0098 page
- SUSE CVE CVE-2022-0099 page
- SUSE CVE CVE-2022-0100 page
- SUSE CVE CVE-2022-0101 page
- SUSE CVE CVE-2022-0102 page
- SUSE CVE CVE-2022-0103 page
- SUSE CVE CVE-2022-0104 page
- SUSE CVE CVE-2022-0105 page
- SUSE CVE CVE-2022-0106 page
- SUSE CVE CVE-2022-0107 page
- SUSE CVE CVE-2022-0108 page
- SUSE CVE CVE-2022-0109 page
- SUSE CVE CVE-2022-0110 page
Описание
Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0096
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0097
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.
Затронутые продукты
Ссылки
- CVE-2022-0098
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.
Затронутые продукты
Ссылки
- CVE-2022-0099
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0100
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.
Затронутые продукты
Ссылки
- CVE-2022-0101
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0102
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0103
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0104
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0105
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0106
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0107
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0108
- SUSE Bug 1194331
- SUSE Bug 1210731
- SUSE Bug 1213802
Описание
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0109
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0110
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0111
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.
Затронутые продукты
Ссылки
- CVE-2022-0112
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0113
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.
Затронутые продукты
Ссылки
- CVE-2022-0114
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0115
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0116
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0117
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0118
- SUSE Bug 1194331
- SUSE Bug 1213802
Описание
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.
Затронутые продукты
Ссылки
- CVE-2022-0120
- SUSE Bug 1194331
- SUSE Bug 1213802