Lucene search

K
suseSuseOPENSUSE-SU-2022:0075-1
HistoryMar 07, 2022 - 12:00 a.m.

Security update for chromium (important)

2022-03-0700:00:00
lists.opensuse.org
51
chromium
update
vulnerabilities
heap buffer overflow
use after free
out of bounds read
type confusion
insufficient policy enforcement
data leak
data leak
data leak
data leak
data leak
data leak
data leak
data leak
data leak
data leak
data leak
data leak
data leak

EPSS

0.003

Percentile

70.3%

An update that fixes 21 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 99.0.4844.51 (boo#1196641)

  • CVE-2022-0789: Heap buffer overflow in ANGLE
  • CVE-2022-0790: Use after free in Cast UI
  • CVE-2022-0791: Use after free in Omnibox
  • CVE-2022-0792: Out of bounds read in ANGLE
  • CVE-2022-0793: Use after free in Views
  • CVE-2022-0794: Use after free in WebShare
  • CVE-2022-0795: Type Confusion in Blink Layout
  • CVE-2022-0796: Use after free in Media
  • CVE-2022-0797: Out of bounds memory access in Mojo
  • CVE-2022-0798: Use after free in MediaStream
  • CVE-2022-0799: Insufficient policy enforcement in Installer
  • CVE-2022-0800: Heap buffer overflow in Cast UI
  • CVE-2022-0801: Inappropriate implementation in HTML parser
  • CVE-2022-0802: Inappropriate implementation in Full screen mode
  • CVE-2022-0803: Inappropriate implementation in Permissions
  • CVE-2022-0804: Inappropriate implementation in Full screen mode
  • CVE-2022-0805: Use after free in Browser Switcher
  • CVE-2022-0806: Data leak in Canvas
  • CVE-2022-0807: Inappropriate implementation in Autofill
  • CVE-2022-0808: Use after free in Chrome OS Shell
  • CVE-2022-0809: Out of bounds memory access in WebXR

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-75=1