Описание
Security update for chromium
This update for chromium fixes the following issues:
Chromium 106.0.5249.119 (boo#1204223):
- CVE-2022-3445: Use after free in Skia
- CVE-2022-3446: Heap buffer overflow in WebSQL
- CVE-2022-3447: Inappropriate implementation in Custom Tabs
- CVE-2022-3448: Use after free in Permissions API
- CVE-2022-3449: Use after free in Safe Browsing
- CVE-2022-3450: Use after free in Peer Connection
Список пакетов
SUSE Package Hub 15 SP4
openSUSE Leap 15.4
Ссылки
- E-Mail link for openSUSE-SU-2022:10146-1
- SUSE Security Ratings
- SUSE Bug 1204223
- SUSE CVE CVE-2022-3445 page
- SUSE CVE CVE-2022-3446 page
- SUSE CVE CVE-2022-3447 page
- SUSE CVE CVE-2022-3448 page
- SUSE CVE CVE-2022-3449 page
- SUSE CVE CVE-2022-3450 page
Описание
Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3445
- SUSE Bug 1204223
Описание
Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3446
- SUSE Bug 1204223
Описание
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3447
- SUSE Bug 1204223
Описание
Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3448
- SUSE Bug 1204223
Описание
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3449
- SUSE Bug 1204223
Описание
Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Затронутые продукты
Ссылки
- CVE-2022-3450
- SUSE Bug 1204223