Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 102.0.5005.115 (boo#1200423)
- CVE-2022-2007: Use after free in WebGPU
- CVE-2022-2008: Out of bounds memory access in WebGL
- CVE-2022-2010: Out of bounds read in compositing
- CVE-2022-2011: Use after free in ANGLE
Chromium 102.0.5001.61 (boo#1199893)
- CVE-2022-1853: Use after free in Indexed DB
- CVE-2022-1854: Use after free in ANGLE
- CVE-2022-1855: Use after free in Messaging
- CVE-2022-1856: Use after free in User Education
- CVE-2022-1857: Insufficient policy enforcement in File System API
- CVE-2022-1858: Out of bounds read in DevTools
- CVE-2022-1859: Use after free in Performance Manager
- CVE-2022-1860: Use after free in UI Foundations
- CVE-2022-1861: Use after free in Sharing
- CVE-2022-1862: Inappropriate implementation in Extensions
- CVE-2022-1863: Use after free in Tab Groups
- CVE-2022-1864: Use after free in WebApp Installs
- CVE-2022-1865: Use after free in Bookmarks
- CVE-2022-1866: Use after free in Tablet Mode
- CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer
- CVE-2022-1868: Inappropriate implementation in Extensions API
- CVE-2022-1869: Type Confusion in V8
- CVE-2022-1870: Use after free in App Service
- CVE-2022-1871: Insufficient policy enforcement in File System API
- CVE-2022-1872: Insufficient policy enforcement in Extensions API
- CVE-2022-1873: Insufficient policy enforcement in COOP
- CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
- CVE-2022-1875: Inappropriate implementation in PDF
- CVE-2022-1876: Heap buffer overflow in DevTools
Список пакетов
SUSE Package Hub 15 SP3
openSUSE Leap 15.3
Ссылки
- E-Mail link for openSUSE-SU-2022:10009-1
- SUSE Security Ratings
- SUSE Bug 1199893
- SUSE Bug 1200139
- SUSE Bug 1200423
- SUSE CVE CVE-2022-1853 page
- SUSE CVE CVE-2022-1854 page
- SUSE CVE CVE-2022-1855 page
- SUSE CVE CVE-2022-1856 page
- SUSE CVE CVE-2022-1857 page
- SUSE CVE CVE-2022-1858 page
- SUSE CVE CVE-2022-1859 page
- SUSE CVE CVE-2022-1860 page
- SUSE CVE CVE-2022-1861 page
- SUSE CVE CVE-2022-1862 page
- SUSE CVE CVE-2022-1863 page
- SUSE CVE CVE-2022-1864 page
- SUSE CVE CVE-2022-1865 page
- SUSE CVE CVE-2022-1866 page
- SUSE CVE CVE-2022-1867 page
Описание
Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1853
- SUSE Bug 1199893
Описание
Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1854
- SUSE Bug 1199893
Описание
Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1855
- SUSE Bug 1199893
Описание
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction.
Затронутые продукты
Ссылки
- CVE-2022-1856
- SUSE Bug 1199893
Описание
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1857
- SUSE Bug 1199893
Описание
Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction.
Затронутые продукты
Ссылки
- CVE-2022-1858
- SUSE Bug 1199893
Описание
Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1859
- SUSE Bug 1199893
Описание
Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.
Затронутые продукты
Ссылки
- CVE-2022-1860
- SUSE Bug 1199893
Описание
Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction.
Затронутые продукты
Ссылки
- CVE-2022-1861
- SUSE Bug 1199893
Описание
Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1862
- SUSE Bug 1199893
Описание
Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Затронутые продукты
Ссылки
- CVE-2022-1863
- SUSE Bug 1199893
Описание
Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Затронутые продукты
Ссылки
- CVE-2022-1864
- SUSE Bug 1199893
Описание
Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.
Затронутые продукты
Ссылки
- CVE-2022-1865
- SUSE Bug 1199893
Описание
Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions.
Затронутые продукты
Ссылки
- CVE-2022-1866
- SUSE Bug 1199893
Описание
Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content.
Затронутые продукты
Ссылки
- CVE-2022-1867
- SUSE Bug 1199893
Описание
Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1868
- SUSE Bug 1199893
Описание
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1869
- SUSE Bug 1199893
Описание
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
Затронутые продукты
Ссылки
- CVE-2022-1870
- SUSE Bug 1199893
Описание
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1871
- SUSE Bug 1199893
Описание
Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1872
- SUSE Bug 1199893
Описание
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1873
- SUSE Bug 1199893
Описание
Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1874
- SUSE Bug 1199893
Описание
Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1875
- SUSE Bug 1199893
Описание
Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-1876
- SUSE Bug 1199893
Описание
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2007
- SUSE Bug 1200423
Описание
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2008
- SUSE Bug 1200423
Описание
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2010
- SUSE Bug 1200423
Описание
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2011
- SUSE Bug 1200423