Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 105.0.5195.127 (boo#1203419):
- CVE-2022-3195: Out of bounds write in Storage
- CVE-2022-3196: Use after free in PDF
- CVE-2022-3197: Use after free in PDF
- CVE-2022-3198: Use after free in PDF
- CVE-2022-3199: Use after free in Frames
- CVE-2022-3200: Heap buffer overflow in Internals
- CVE-2022-3201: Insufficient validation of untrusted input in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Список пакетов
SUSE Package Hub 15 SP3
SUSE Package Hub 15 SP4
openSUSE Leap 15.3
openSUSE Leap 15.4
Ссылки
- E-Mail link for openSUSE-SU-2022:10123-1
- SUSE Security Ratings
- SUSE Bug 1203419
- SUSE CVE CVE-2022-3195 page
- SUSE CVE CVE-2022-3196 page
- SUSE CVE CVE-2022-3197 page
- SUSE CVE CVE-2022-3198 page
- SUSE CVE CVE-2022-3199 page
- SUSE CVE CVE-2022-3200 page
- SUSE CVE CVE-2022-3201 page
Описание
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3195
- SUSE Bug 1203419
Описание
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3196
- SUSE Bug 1203419
Описание
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3197
- SUSE Bug 1203419
Описание
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3198
- SUSE Bug 1203419
Описание
Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3199
- SUSE Bug 1203419
Описание
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3200
- SUSE Bug 1203419
Описание
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3201
- SUSE Bug 1203419
- SUSE Bug 1203808