Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 99.0.4844.51 (boo#1196641)
- CVE-2022-0789: Heap buffer overflow in ANGLE
- CVE-2022-0790: Use after free in Cast UI
- CVE-2022-0791: Use after free in Omnibox
- CVE-2022-0792: Out of bounds read in ANGLE
- CVE-2022-0793: Use after free in Views
- CVE-2022-0794: Use after free in WebShare
- CVE-2022-0795: Type Confusion in Blink Layout
- CVE-2022-0796: Use after free in Media
- CVE-2022-0797: Out of bounds memory access in Mojo
- CVE-2022-0798: Use after free in MediaStream
- CVE-2022-0799: Insufficient policy enforcement in Installer
- CVE-2022-0800: Heap buffer overflow in Cast UI
- CVE-2022-0801: Inappropriate implementation in HTML parser
- CVE-2022-0802: Inappropriate implementation in Full screen mode
- CVE-2022-0803: Inappropriate implementation in Permissions
- CVE-2022-0804: Inappropriate implementation in Full screen mode
- CVE-2022-0805: Use after free in Browser Switcher
- CVE-2022-0806: Data leak in Canvas
- CVE-2022-0807: Inappropriate implementation in Autofill
- CVE-2022-0808: Use after free in Chrome OS Shell
- CVE-2022-0809: Out of bounds memory access in WebXR
Список пакетов
SUSE Package Hub 15 SP3
openSUSE Leap 15.3
Ссылки
- E-Mail link for openSUSE-SU-2022:0075-1
- SUSE Security Ratings
- SUSE Bug 1196641
- SUSE CVE CVE-2022-0789 page
- SUSE CVE CVE-2022-0790 page
- SUSE CVE CVE-2022-0791 page
- SUSE CVE CVE-2022-0792 page
- SUSE CVE CVE-2022-0793 page
- SUSE CVE CVE-2022-0794 page
- SUSE CVE CVE-2022-0795 page
- SUSE CVE CVE-2022-0796 page
- SUSE CVE CVE-2022-0797 page
- SUSE CVE CVE-2022-0798 page
- SUSE CVE CVE-2022-0799 page
- SUSE CVE CVE-2022-0800 page
- SUSE CVE CVE-2022-0801 page
- SUSE CVE CVE-2022-0802 page
- SUSE CVE CVE-2022-0803 page
- SUSE CVE CVE-2022-0804 page
- SUSE CVE CVE-2022-0805 page
Описание
Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0789
- SUSE Bug 1196641
Описание
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0790
- SUSE Bug 1196641
Описание
Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.
Затронутые продукты
Ссылки
- CVE-2022-0791
- SUSE Bug 1196641
Описание
Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0792
- SUSE Bug 1196641
Описание
Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2022-0793
- SUSE Bug 1196641
Описание
Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0794
- SUSE Bug 1196641
Описание
Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0795
- SUSE Bug 1196641
Описание
Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0796
- SUSE Bug 1196641
Описание
Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0797
- SUSE Bug 1196641
Описание
Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2022-0798
- SUSE Bug 1196641
Описание
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
Затронутые продукты
Ссылки
- CVE-2022-0799
- SUSE Bug 1196641
Описание
Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0800
- SUSE Bug 1196641
Описание
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)
Затронутые продукты
Ссылки
- CVE-2022-0801
- SUSE Bug 1196641
Описание
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0802
- SUSE Bug 1196641
Описание
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0803
- SUSE Bug 1196641
Описание
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0804
- SUSE Bug 1196641
Описание
Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
Затронутые продукты
Ссылки
- CVE-2022-0805
- SUSE Bug 1196641
Описание
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0806
- SUSE Bug 1196641
Описание
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0807
- SUSE Bug 1196641
Описание
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions.
Затронутые продукты
Ссылки
- CVE-2022-0808
- SUSE Bug 1196641
Описание
Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-0809
- SUSE Bug 1196641