ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Security update for libqt5-qtwebengine
This update for libqt5-qtwebengine fixes the following issues:
Update to version 5.15.10:
-
Fix top level build with no widget
-
Fix read-after-free on EGL extensions
-
Update Chromium
-
Add workaround for unstable gn on macOS in ci
-
Pass archiver to gn build
-
Fix navigation to non-local URLs
-
Add support for universal builds for qtwebengine and qtpdf
-
Enable Apple Silicon support
-
Fix cross compilation x86_64->arm64 on mac
-
Bump version to 5.15.10
-
CustomDialogs: Make custom input fields readable in dark mode
-
CookieBrowser: Make alternating rows readable in dark mode
-
Update Chromium:
- Bump V8_PATCH_LEVEL
- Fix clang set-but-unused-variable warning
- Fix mac toolchain python linker script call
- Fix missing dependency for gpu sources
- Fix python calls
- Fix undefined symbol for universal link
- Quick fix for regression in service workers by reverting backports
- [Backport] CVE-2022-0797: Out of bounds memory access in Mojo
- [Backport] CVE-2022-1125
- [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor.
- [Backport] CVE-2022-1305: Use after free in storage
- [Backport] CVE-2022-1310: Use after free in regular expressions
- [Backport] CVE-2022-1314: Type Confusion in V8
- [Backport] CVE-2022-1493: Use after free in Dev Tools
- [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm'
- [Backport] Security Bug 1296876
- [Backport] Security bug 1269999
- [Backport] Security bug 1280852
- [Backport] Security bug 1292905
- [Backport] Security bug 1304659
- [Backport] Security bug 1306507
Π‘ΠΏΠΈΡΠΎΠΊ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ²
SUSE Package Hub 15 SP4
openSUSE Leap 15.4
Π‘ΡΡΠ»ΠΊΠΈ
- E-Mail link for openSUSE-SU-2022:10049-1
- SUSE Security Ratings
- SUSE CVE CVE-2022-0797 page
- SUSE CVE CVE-2022-1125 page
- SUSE CVE CVE-2022-1138 page
- SUSE CVE CVE-2022-1305 page
- SUSE CVE CVE-2022-1310 page
- SUSE CVE CVE-2022-1314 page
- SUSE CVE CVE-2022-1493 page
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2022-0797
- SUSE Bug 1196641
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2022-1125
- SUSE Bug 1197680
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2022-1138
- SUSE Bug 1197680
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2022-1305
- SUSE Bug 1198361
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2022-1310
- SUSE Bug 1198361
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2022-1314
- SUSE Bug 1198361
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2022-1493
- SUSE Bug 1198917