Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 104.0.5112.101 (boo#1202509):
- CVE-2022-2852: Use after free in FedCM
- CVE-2022-2854: Use after free in SwiftShader
- CVE-2022-2855: Use after free in ANGLE
- CVE-2022-2857: Use after free in Blink
- CVE-2022-2858: Use after free in Sign-In Flow
- CVE-2022-2853: Heap buffer overflow in Downloads
- CVE-2022-2856: Insufficient validation of untrusted input in Intents
- CVE-2022-2859: Use after free in Chrome OS Shell
- CVE-2022-2860: Insufficient policy enforcement in Cookies
- CVE-2022-2861: Inappropriate implementation in Extensions API
- Re-enable our version of chrome-wrapper
- Set no sandbox if root is being used (https://crbug.com/638180)
Список пакетов
SUSE Package Hub 15 SP3
SUSE Package Hub 15 SP4
openSUSE Leap 15.3
openSUSE Leap 15.4
Ссылки
- E-Mail link for openSUSE-SU-2022:10099-1
- SUSE Security Ratings
- SUSE Bug 1202509
- SUSE CVE CVE-2022-2852 page
- SUSE CVE CVE-2022-2853 page
- SUSE CVE CVE-2022-2854 page
- SUSE CVE CVE-2022-2855 page
- SUSE CVE CVE-2022-2856 page
- SUSE CVE CVE-2022-2857 page
- SUSE CVE CVE-2022-2858 page
- SUSE CVE CVE-2022-2859 page
- SUSE CVE CVE-2022-2860 page
- SUSE CVE CVE-2022-2861 page
Описание
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2852
- SUSE Bug 1202509
Описание
Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2853
- SUSE Bug 1202509
Описание
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2854
- SUSE Bug 1202509
Описание
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2855
- SUSE Bug 1202509
Описание
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2856
- SUSE Bug 1202509
Описание
Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2857
- SUSE Bug 1202509
Описание
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
Затронутые продукты
Ссылки
- CVE-2022-2858
- SUSE Bug 1202509
Описание
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
Затронутые продукты
Ссылки
- CVE-2022-2859
- SUSE Bug 1202509
Описание
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2860
- SUSE Bug 1202509
Описание
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.
Затронутые продукты
Ссылки
- CVE-2022-2861
- SUSE Bug 1202509