Lucene search

K
suseSuseOPENSUSE-SU-2022:0112-1
HistoryApr 13, 2022 - 12:00 a.m.

Security update for chromium (important)

2022-04-1300:00:00
lists.opensuse.org
13

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

An update that fixes 35 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Updated to Chromium 100.0.4896.88 (boo#1198361)

  • CVE-2022-1305: Use after free in storage
  • CVE-2022-1306: Inappropriate implementation in compositing
  • CVE-2022-1307: Inappropriate implementation in full screen
  • CVE-2022-1308: Use after free in BFCache
  • CVE-2022-1309: Insufficient policy enforcement in developer tools
  • CVE-2022-1310: Use after free in regular expressions
  • CVE-2022-1311: Use after free in Chrome OS shell
  • CVE-2022-1312: Use after free in storage
  • CVE-2022-1313: Use after free in tab groups
  • CVE-2022-1314: Type Confusion in V8
  • Various fixes from internal audits, fuzzing and other initiatives

Updated to version 100.0.4896.75:

  • CVE-2022-1232: Type Confusion in V8 (boo#1198053)

Update to version 100.0.4896.60 (boo#1197680):

  • CVE-2022-1125: Use after free in Portals
  • CVE-2022-1127: Use after free in QR Code Generator
  • CVE-2022-1128: Inappropriate implementation in Web Share API
  • CVE-2022-1129: Inappropriate implementation in Full Screen Mode
  • CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
  • CVE-2022-1131: Use after free in Cast UI
  • CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
  • CVE-2022-1133: Use after free in WebRTC
  • CVE-2022-1134: Type Confusion in V8
  • CVE-2022-1135: Use after free in Shopping Cart
  • CVE-2022-1136: Use after free in Tab Strip
  • CVE-2022-1137: Inappropriate implementation in Extensions
  • CVE-2022-1138: Inappropriate implementation in Web Cursor
  • CVE-2022-1139: Inappropriate implementation in Background Fetch API
  • CVE-2022-1141: Use after free in File Manager
  • CVE-2022-1142: Heap buffer overflow in WebUI
  • CVE-2022-1143: Heap buffer overflow in WebUI
  • CVE-2022-1144: Use after free in WebUI
  • CVE-2022-1145: Use after free in Extensions
  • CVE-2022-1146: Inappropriate implementation in Resource Timing

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-112=1

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-112=1

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P