Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 97.0.4692.99 (boo#1194919):
- CVE-2022-0289: Use after free in Safe browsing
- CVE-2022-0290: Use after free in Site isolation
- CVE-2022-0291: Inappropriate implementation in Storage
- CVE-2022-0292: Inappropriate implementation in Fenced Frames
- CVE-2022-0293: Use after free in Web packaging
- CVE-2022-0294: Inappropriate implementation in Push messaging
- CVE-2022-0295: Use after free in Omnibox
- CVE-2022-0296: Use after free in Printing
- CVE-2022-0297: Use after free in Vulkan
- CVE-2022-0298: Use after free in Scheduling
- CVE-2022-0300: Use after free in Text Input Method Editor
- CVE-2022-0301: Heap buffer overflow in DevTools
- CVE-2022-0302: Use after free in Omnibox
- CVE-2022-0303: Race in GPU Watchdog
- CVE-2022-0304: Use after free in Bookmarks
- CVE-2022-0305: Inappropriate implementation in Service Worker API
- CVE-2022-0306: Heap buffer overflow in PDFium
- CVE-2022-0307: Use after free in Optimization Guide
- CVE-2022-0308: Use after free in Data Transfer
- CVE-2022-0309: Inappropriate implementation in Autofill
- CVE-2022-0310: Heap buffer overflow in Task Manager
- CVE-2022-0311: Heap buffer overflow in Task Manager
Список пакетов
SUSE Package Hub 15 SP3
openSUSE Leap 15.3
Ссылки
- E-Mail link for openSUSE-SU-2022:0019-1
- SUSE Security Ratings
- SUSE Bug 1194919
- SUSE CVE CVE-2022-0289 page
- SUSE CVE CVE-2022-0290 page
- SUSE CVE CVE-2022-0291 page
- SUSE CVE CVE-2022-0292 page
- SUSE CVE CVE-2022-0293 page
- SUSE CVE CVE-2022-0294 page
- SUSE CVE CVE-2022-0295 page
- SUSE CVE CVE-2022-0296 page
- SUSE CVE CVE-2022-0297 page
- SUSE CVE CVE-2022-0298 page
- SUSE CVE CVE-2022-0300 page
- SUSE CVE CVE-2022-0301 page
- SUSE CVE CVE-2022-0302 page
- SUSE CVE CVE-2022-0303 page
- SUSE CVE CVE-2022-0304 page
- SUSE CVE CVE-2022-0305 page
- SUSE CVE CVE-2022-0306 page
Описание
Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0289
- SUSE Bug 1194919
Описание
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0290
- SUSE Bug 1194919
Описание
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0291
- SUSE Bug 1194919
Описание
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0292
- SUSE Bug 1194919
Описание
Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0293
- SUSE Bug 1194919
Описание
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0294
- SUSE Bug 1194919
Описание
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0295
- SUSE Bug 1194919
Описание
Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0296
- SUSE Bug 1194919
Описание
Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0297
- SUSE Bug 1194919
Описание
Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0298
- SUSE Bug 1194919
Описание
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0300
- SUSE Bug 1194919
Описание
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0301
- SUSE Bug 1194919
Описание
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0302
- SUSE Bug 1194919
Описание
** REJECT ** Further investigation determines issue is not a vulnerability
Затронутые продукты
Ссылки
- CVE-2022-0303
- SUSE Bug 1194919
Описание
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0304
- SUSE Bug 1194919
Описание
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0305
- SUSE Bug 1194919
Описание
Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0306
- SUSE Bug 1194919
Описание
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0307
- SUSE Bug 1194919
Описание
Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0308
- SUSE Bug 1194919
Описание
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0309
- SUSE Bug 1194919
Описание
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
Затронутые продукты
Ссылки
- CVE-2022-0310
- SUSE Bug 1194919
Описание
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0311
- SUSE Bug 1194919