Description
Security update for chromium
This update for chromium fixes the following issues:
Chromium 107.0.5304.87 (boo#1204819)
- CVE-2022-3723: Type Confusion in V8
Chromium 107.0.5304.68 (boo#1204732)
- CVE-2022-3652: Type Confusion in V8
- CVE-2022-3653: Heap buffer overflow in Vulkan
- CVE-2022-3654: Use after free in Layout
- CVE-2022-3655: Heap buffer overflow in Media Galleries
- CVE-2022-3656: Insufficient data validation in File System
- CVE-2022-3657: Use after free in Extensions
- CVE-2022-3658: Use after free in Feedback service on Chrome OS
- CVE-2022-3659: Use after free in Accessibility
- CVE-2022-3660: Inappropriate implementation in Full screen mode
- CVE-2022-3661: Insufficient data validation in Extensions
Package list
SUSE Package Hub 15 SP4
openSUSE Leap 15.4
References
- E-Mail link for openSUSE-SU-2022:10180-1
- SUSE Security Ratings
- SUSE Bug 1204732
- SUSE Bug 1204819
- SUSE CVE CVE-2022-3652 page
- SUSE CVE CVE-2022-3653 page
- SUSE CVE CVE-2022-3654 page
- SUSE CVE CVE-2022-3655 page
- SUSE CVE CVE-2022-3656 page
- SUSE CVE CVE-2022-3657 page
- SUSE CVE CVE-2022-3658 page
- SUSE CVE CVE-2022-3659 page
- SUSE CVE CVE-2022-3660 page
- SUSE CVE CVE-2022-3661 page
- SUSE CVE CVE-2022-3723 page
Description
Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2022-3652
- SUSE Bug 1204732
Description
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2022-3653
- SUSE Bug 1204732
Description
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2022-3654
- SUSE Bug 1204732
Description
Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2022-3655
- SUSE Bug 1204732
Description
Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2022-3656
- SUSE Bug 1204732
Description
Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Affected products
References
- CVE-2022-3657
- SUSE Bug 1204732
Description
Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Affected products
References
- CVE-2022-3658
- SUSE Bug 1204732
Description
Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: Medium)
Affected products
References
- CVE-2022-3659
- SUSE Bug 1204732
Description
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Affected products
References
- CVE-2022-3660
- SUSE Bug 1204732
Description
Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. (Chromium security severity: Low)
Affected products
References
- CVE-2022-3661
- SUSE Bug 1204732
Description
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected products
References
- CVE-2022-3723
- SUSE Bug 1204819