openSUSE-SU-2022:10201-1

Опубликовано: 14 нояб. 2022

Источник: suse-cvrf

Описание

Security update for chromium

This update for chromium fixes the following issues:

Chromium 107.0.5304.110 (boo#1205221)
- CVE-2022-3885: Use after free in V8
- CVE-2022-3886: Use after free in Speech Recognition
- CVE-2022-3887: Use after free in Web Workers
- CVE-2022-3888: Use after free in WebCodecs
- CVE-2022-3889: Type Confusion in V8
- CVE-2022-3890: Heap buffer overflow in Crashpad

Список пакетов

SUSE Package Hub 15 SP3

chromedriver-107.0.5304.110-bp154.2.43.1

chromium-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4

chromedriver-107.0.5304.110-bp154.2.43.1

chromium-107.0.5304.110-bp154.2.43.1

openSUSE Leap 15.3

chromedriver-107.0.5304.110-bp154.2.43.1

chromium-107.0.5304.110-bp154.2.43.1

openSUSE Leap 15.4

chromedriver-107.0.5304.110-bp154.2.43.1

chromium-107.0.5304.110-bp154.2.43.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6I5LZV23MCEBLZDJFZZRGXQBMWN5B4RO/
E-Mail link for openSUSE-SU-2022:10201-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1205221
SUSE Bug 1205221
https://www.suse.com/security/cve/CVE-2022-3885/
SUSE CVE CVE-2022-3885 page
https://www.suse.com/security/cve/CVE-2022-3886/
SUSE CVE CVE-2022-3886 page
https://www.suse.com/security/cve/CVE-2022-3887/
SUSE CVE CVE-2022-3887 page
https://www.suse.com/security/cve/CVE-2022-3888/
SUSE CVE CVE-2022-3888 page
https://www.suse.com/security/cve/CVE-2022-3889/
SUSE CVE CVE-2022-3889 page
https://www.suse.com/security/cve/CVE-2022-3890/
SUSE CVE CVE-2022-3890 page

Описание

Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты

SUSE Package Hub 15 SP3:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP3:chromium-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromium-107.0.5304.110-bp154.2.43.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-3885.html
CVE-2022-3885
https://bugzilla.suse.com/1205221
SUSE Bug 1205221

Описание

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты

SUSE Package Hub 15 SP3:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP3:chromium-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromium-107.0.5304.110-bp154.2.43.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-3886.html
CVE-2022-3886
https://bugzilla.suse.com/1205221
SUSE Bug 1205221

Описание

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты

SUSE Package Hub 15 SP3:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP3:chromium-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromium-107.0.5304.110-bp154.2.43.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-3887.html
CVE-2022-3887
https://bugzilla.suse.com/1205221
SUSE Bug 1205221

Описание

Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты

SUSE Package Hub 15 SP3:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP3:chromium-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromium-107.0.5304.110-bp154.2.43.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-3888.html
CVE-2022-3888
https://bugzilla.suse.com/1205221
SUSE Bug 1205221

Описание

Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты

SUSE Package Hub 15 SP3:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP3:chromium-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromium-107.0.5304.110-bp154.2.43.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-3889.html
CVE-2022-3889
https://bugzilla.suse.com/1205221
SUSE Bug 1205221

Описание

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты

SUSE Package Hub 15 SP3:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP3:chromium-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromedriver-107.0.5304.110-bp154.2.43.1

SUSE Package Hub 15 SP4:chromium-107.0.5304.110-bp154.2.43.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-3890.html
CVE-2022-3890
https://bugzilla.suse.com/1205221
SUSE Bug 1205221

openSUSE-SU-2022:10201-1

Описание

Список пакетов

SUSE Package Hub 15 SP3

SUSE Package Hub 15 SP4

openSUSE Leap 15.3

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-3885

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-3886

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-3887

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-3888

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-3889

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-3890

Описание

Затронутые продукты

Ссылки