Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2022:0112-1
HistoryApr 13, 2022 - 12:00 a.m.

Security update for chromium (important)

2022-04-1300:00:00
lists.opensuse.org
15

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

JSON

An update that fixes 35 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Updated to Chromium 100.0.4896.88 (boo#1198361)

  • CVE-2022-1305: Use after free in storage
  • CVE-2022-1306: Inappropriate implementation in compositing
  • CVE-2022-1307: Inappropriate implementation in full screen
  • CVE-2022-1308: Use after free in BFCache
  • CVE-2022-1309: Insufficient policy enforcement in developer tools
  • CVE-2022-1310: Use after free in regular expressions
  • CVE-2022-1311: Use after free in Chrome OS shell
  • CVE-2022-1312: Use after free in storage
  • CVE-2022-1313: Use after free in tab groups
  • CVE-2022-1314: Type Confusion in V8
  • Various fixes from internal audits, fuzzing and other initiatives

Updated to version 100.0.4896.75:

  • CVE-2022-1232: Type Confusion in V8 (boo#1198053)

Update to version 100.0.4896.60 (boo#1197680):

  • CVE-2022-1125: Use after free in Portals
  • CVE-2022-1127: Use after free in QR Code Generator
  • CVE-2022-1128: Inappropriate implementation in Web Share API
  • CVE-2022-1129: Inappropriate implementation in Full Screen Mode
  • CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
  • CVE-2022-1131: Use after free in Cast UI
  • CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
  • CVE-2022-1133: Use after free in WebRTC
  • CVE-2022-1134: Type Confusion in V8
  • CVE-2022-1135: Use after free in Shopping Cart
  • CVE-2022-1136: Use after free in Tab Strip
  • CVE-2022-1137: Inappropriate implementation in Extensions
  • CVE-2022-1138: Inappropriate implementation in Web Cursor
  • CVE-2022-1139: Inappropriate implementation in Background Fetch API
  • CVE-2022-1141: Use after free in File Manager
  • CVE-2022-1142: Heap buffer overflow in WebUI
  • CVE-2022-1143: Heap buffer overflow in WebUI
  • CVE-2022-1144: Use after free in WebUI
  • CVE-2022-1145: Use after free in Extensions
  • CVE-2022-1146: Inappropriate implementation in Resource Timing

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-112=1

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-112=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3noarch< - openSUSE Leap 15.3 (noarch):- openSUSE Leap 15.3 (noarch):.noarch.rpm
openSUSE Backports SLE15-SP3aarch64- opensuse backports sle< 15-SP3 (aarch64 x86_64):- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):.aarch64.rpm
openSUSE Backports SLE15-SP3x86_64- opensuse backports sle< 15-SP3 (aarch64 x86_64):- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):.x86_64.rpm

Related

openvas 23
nessus 30
debian 3
kaspersky 4
chrome 2
mageia 3
freebsd 3
osv 15
fedora 5
photon 3
ibm 24
nodejsblog 1
altlinux 1
redos 1
rocky 3
almalinux 2
oraclelinux 2
redhat 4
suse 2
hackerone 2
prion 11
debiancve 8
ubuntucve 8
alpinelinux 5
veracode 9
redhatcve 4
cbl_mariner 8
cve 9
mscve 4
openvas
openvas
Debian: Security Advisory (DSA-5112-1)
2022-04-05 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_29-2022-03) - Mac OS X
2022-03-31 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_29-2022-03) - Windows
2022-03-31 00:00:00
nessus
nessus
Google Chrome < 100.0.4896.60 Multiple Vulnerabilities
2022-03-29 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec)
2022-03-29 00:00:00
Google Chrome < 100.0.4896.60 Multiple Vulnerabilities
2022-03-29 00:00:00
debian
debian
[SECURITY] [DSA 5112-1] chromium security update
2022-04-03 15:19:35
[SECURITY] [DSA 5120-1] chromium security update
2022-04-13 06:27:12
[SECURITY] [DSA 5170-1] nodejs security update
2022-06-27 18:43:09
kaspersky
kaspersky
KLA12493 Multiple vulnerabilities in Google Chrome
2022-03-29 00:00:00
KLA12500 Multiple vulnerabilities in Google Chrome
2022-04-11 00:00:00
KLA12513 Multiple vulnerabilities in Microsoft Browser
2022-04-15 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2022-03-29 00:00:00
Stable Channel Update for Desktop
2022-04-11 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-04-05 20:32:07
Updated chromium-browser-stable packages fix security vulnerability
2022-04-18 23:00:03
Updated nodejs packages fix security vulnerability
2022-02-22 23:15:16
freebsd
freebsd
chromium -- multiple vulnerabilities
2022-03-29 00:00:00
Chromium -- mulitple vulnerabilities
2022-04-11 00:00:00
Node.js -- January 2022 Security Releases
2022-01-10 00:00:00
osv
osv
chromium - security update
2022-04-03 00:00:00
chromium - security update
2022-04-13 00:00:00
Moderate: nodejs:14 security update
2022-11-08 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: chromium-100.0.4896.127-1.fc35
2022-05-03 14:55:22
[SECURITY] Fedora 36 Update: chromium-100.0.4896.127-1.fc36
2022-05-07 05:11:33
[SECURITY] Fedora 34 Update: chromium-100.0.4896.127-1.fc34
2022-05-03 14:58:26
photon
photon
Important Photon OS Security Update - PHSA-2022-0164
2022-03-22 00:00:00
Important Photon OS Security Update - PHSA-2022-0453
2022-03-23 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0164
2022-03-22 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in the Open Source Node.js runtime affect IBM Event Streams (CVE-2021-44533, CVE-2022-21824, CVE-2021-44531, CVE-2021-44532)
2022-07-12 15:05:41
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple CVEs in Node.js
2022-04-08 14:56:49
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation
2022-10-21 17:36:25
nodejsblog
nodejsblog
January 10th 2022 Security Releases
2022-01-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 16.13.2-alt1
2022-03-18 00:00:00
redos
redos
ROS-20220125-10
2022-01-25 00:00:00
rocky
rocky
nodejs:14 security update
2022-11-08 10:51:23
nodejs:16 security, bug fix, and enhancement update
2022-12-15 15:42:25
12 bug fix and enhancement update
2022-06-21 11:47:44
almalinux
almalinux
Moderate: nodejs:14 security update
2022-11-08 00:00:00
Moderate: nodejs:16 security, bug fix, and enhancement update
2022-12-15 00:00:00
oraclelinux
oraclelinux
nodejs:14 security update
2022-11-15 00:00:00
nodejs:16 security, bug fix, and enhancement update
2022-12-16 00:00:00
redhat
redhat
(RHSA-2022:7830) Moderate: nodejs:14 security update
2022-11-08 10:51:23
(RHSA-2022:7044) Moderate: rh-nodejs14-nodejs security update
2022-10-19 09:58:44
(RHSA-2022:9073) Moderate: nodejs:16 security, bug fix, and enhancement update
2022-12-15 15:42:25
suse
suse
Security update for nodejs12 (moderate)
2022-04-17 00:00:00
Security update for libqt5-qtwebengine (moderate)
2022-07-10 00:00:00
hackerone
hackerone
Node.js: Node.js Certificate Verification Bypass via String Injection
2021-12-17 14:57:13
Node.js: Prototype pollution via console.table properties
2021-12-20 00:35:48
prion
prion
Design/Logic Flaw
2022-02-24 19:15:00
Code injection
2022-02-24 19:15:00
Design/Logic Flaw
2022-02-24 19:15:00
debiancve
debiancve
CVE-2021-44531
2022-02-24 19:15:00
CVE-2021-44532
2022-02-24 19:15:00
CVE-2022-21824
2022-02-24 19:15:00
ubuntucve
ubuntucve
CVE-2021-44533
2022-02-24 00:00:00
CVE-2021-44531
2022-02-24 00:00:00
CVE-2021-44532
2022-02-24 00:00:00
alpinelinux
alpinelinux
CVE-2021-44533
2022-02-24 19:15:00
CVE-2021-44531
2022-02-24 19:15:00
CVE-2022-21824
2022-02-24 19:15:00
veracode
veracode
Improper Certificate Validation
2022-01-12 19:19:21
Arbitrary Code Execution
2022-01-12 19:19:15
Improper Certificate Validation
2022-01-12 19:27:10
redhatcve
redhatcve
CVE-2021-44533
2022-01-14 20:45:33
CVE-2021-44531
2022-01-14 19:54:26
CVE-2022-21824
2022-01-14 20:45:44
cbl_mariner
cbl_mariner
CVE-2021-44531 affecting package nodejs 14.17.2-2
2022-04-09 06:52:23
CVE-2021-44531 affecting package nodejs 14.18.1-1
2022-03-19 16:40:55
CVE-2021-44532 affecting package nodejs 14.18.1-1
2022-03-19 16:40:55
cve
cve
CVE-2021-44532
2022-02-24 19:15:00
CVE-2021-44531
2022-02-24 19:15:00
CVE-2022-21824
2022-02-24 19:15:00
mscve
mscve
Chromium: CVE-2022-1314 Type Confusion in V8
2022-04-15 07:00:00
Chromium: CVE-2022-1133 Use after free in WebRTC
2022-04-01 07:00:00
Chromium: CVE-2022-1313 Use after free in tab groups
2022-04-15 07:00:00

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

JSON
Related for OPENSUSE-SU-2022:0112-1
openvas23nessus30debian3kaspersky4chrome2mageia3freebsd3osv15fedora5photon3ibm24nodejsblog1altlinux1redos1rocky3almalinux2oraclelinux2redhat4suse2hackerone2prion11debiancve8ubuntucve8alpinelinux5veracode9redhatcve4cbl_mariner8cve9mscve4