Описание
Security update for chromium
This update for chromium fixes the following issues:
- Chromium 98.0.4758.102 (boo#1195986)
- CVE-2022-0603: Use after free in File Manager
- CVE-2022-0604: Heap buffer overflow in Tab Groups
- CVE-2022-0605: Use after free in Webstore API
- CVE-2022-0606: Use after free in ANGLE
- CVE-2022-0607: Use after free in GPU
- CVE-2022-0608: Integer overflow in Mojo
- CVE-2022-0609: Use after free in Animation
- CVE-2022-0610: Inappropriate implementation in Gamepad API
- Various fixes from internal audits, fuzzing and other initiatives
Список пакетов
SUSE Package Hub 15 SP3
openSUSE Leap 15.3
Ссылки
- E-Mail link for openSUSE-SU-2022:0042-1
- SUSE Security Ratings
- SUSE Bug 1195986
- SUSE CVE CVE-2022-0603 page
- SUSE CVE CVE-2022-0604 page
- SUSE CVE CVE-2022-0605 page
- SUSE CVE CVE-2022-0606 page
- SUSE CVE CVE-2022-0607 page
- SUSE CVE CVE-2022-0608 page
- SUSE CVE CVE-2022-0609 page
- SUSE CVE CVE-2022-0610 page
Описание
Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0603
- SUSE Bug 1195986
Описание
Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0604
- SUSE Bug 1195986
Описание
Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0605
- SUSE Bug 1195986
Описание
Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0606
- SUSE Bug 1195986
Описание
Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0607
- SUSE Bug 1195986
Описание
Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0608
- SUSE Bug 1195986
Описание
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0609
- SUSE Bug 1195986
Описание
Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0610
- SUSE Bug 1195986