Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2022:0112-1
HistoryApr 13, 2022 - 12:00 a.m.

Security update for chromium (important)

2022-04-1300:00:00
lists.opensuse.org
19
chromium
update
vulnerabilities
cve-2022-1305
cve-2022-1306
cve-2022-1307
cve-2022-1308
cve-2022-1309
cve-2022-1310
cve-2022-1311
cve-2022-1312
cve-2022-1313
cve-2022-1314
cve-2022-1232
cve-2022-1125
cve-2022-1127
cve-2022-1128
cve-2022-1129
cve-2022-1130
cve-2022-1131
cve-2022-1132
cve-2022-1133
cve-2022-1134
cve-2022-1135
cve-2022-1136
cve-2022-1137
cve-2022-1138
cve-2022-1139
cve-2022-1141
cve-2022-1142
cve-2022-1143
cve-2022-1144
cve-2022-1145
cve-2022-1146
patch instructions
suse
zypper

EPSS

0.006

Percentile

78.2%

JSON

An update that fixes 35 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Updated to Chromium 100.0.4896.88 (boo#1198361)

  • CVE-2022-1305: Use after free in storage
  • CVE-2022-1306: Inappropriate implementation in compositing
  • CVE-2022-1307: Inappropriate implementation in full screen
  • CVE-2022-1308: Use after free in BFCache
  • CVE-2022-1309: Insufficient policy enforcement in developer tools
  • CVE-2022-1310: Use after free in regular expressions
  • CVE-2022-1311: Use after free in Chrome OS shell
  • CVE-2022-1312: Use after free in storage
  • CVE-2022-1313: Use after free in tab groups
  • CVE-2022-1314: Type Confusion in V8
  • Various fixes from internal audits, fuzzing and other initiatives

Updated to version 100.0.4896.75:

  • CVE-2022-1232: Type Confusion in V8 (boo#1198053)

Update to version 100.0.4896.60 (boo#1197680):

  • CVE-2022-1125: Use after free in Portals
  • CVE-2022-1127: Use after free in QR Code Generator
  • CVE-2022-1128: Inappropriate implementation in Web Share API
  • CVE-2022-1129: Inappropriate implementation in Full Screen Mode
  • CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
  • CVE-2022-1131: Use after free in Cast UI
  • CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
  • CVE-2022-1133: Use after free in WebRTC
  • CVE-2022-1134: Type Confusion in V8
  • CVE-2022-1135: Use after free in Shopping Cart
  • CVE-2022-1136: Use after free in Tab Strip
  • CVE-2022-1137: Inappropriate implementation in Extensions
  • CVE-2022-1138: Inappropriate implementation in Web Cursor
  • CVE-2022-1139: Inappropriate implementation in Background Fetch API
  • CVE-2022-1141: Use after free in File Manager
  • CVE-2022-1142: Heap buffer overflow in WebUI
  • CVE-2022-1143: Heap buffer overflow in WebUI
  • CVE-2022-1144: Use after free in WebUI
  • CVE-2022-1145: Use after free in Extensions
  • CVE-2022-1146: Inappropriate implementation in Resource Timing

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-112=1

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-112=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3noarch< - openSUSE Leap 15.3 (noarch):- openSUSE Leap 15.3 (noarch):.noarch.rpm
openSUSE Backports SLE15-SP3aarch64- opensuse backports sle< 15-SP3 (aarch64 x86_64):- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):.aarch64.rpm
openSUSE Backports SLE15-SP3x86_64- opensuse backports sle< 15-SP3 (aarch64 x86_64):- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):.x86_64.rpm

Related

osv 18
nessus 31
openvas 23
debian 3
freebsd 3
mageia 3
kaspersky 4
chrome 2
fedora 5
nodejsblog 1
altlinux 1
ibm 24
photon 3
redos 1
almalinux 2
oraclelinux 2
redhat 4
rocky 3
suse 2
hackerone 2
veracode 7
cvelist 7
ubuntucve 5
redhatcve 4
cbl_mariner 8
nvd 8
prion 6
alpinelinux 5
cve 6
debiancve 5
mscve 1
osv
osv
chromium - security update
2022-04-03 00:00:00
chromium - security update
2022-04-13 00:00:00
Moderate: nodejs:14 security update
2022-11-08 00:00:00
nessus
nessus
Google Chrome < 100.0.4896.60 Multiple Vulnerabilities
2022-03-29 00:00:00
Debian DSA-5112-1 : chromium - security update
2022-04-05 00:00:00
Google Chrome < 100.0.4896.60 Multiple Vulnerabilities
2022-03-29 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5112-1)
2022-04-05 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_29-2022-03) - Mac OS X
2022-03-31 00:00:00
Mageia: Security Advisory (MGASA-2022-0130)
2022-04-07 00:00:00
debian
debian
[SECURITY] [DSA 5112-1] chromium security update
2022-04-03 15:19:35
[SECURITY] [DSA 5120-1] chromium security update
2022-04-13 06:27:12
[SECURITY] [DSA 5170-1] nodejs security update
2022-06-27 18:43:09
freebsd
freebsd
chromium -- multiple vulnerabilities
2022-03-29 00:00:00
Chromium -- mulitple vulnerabilities
2022-04-11 00:00:00
Node.js -- January 2022 Security Releases
2022-01-10 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-04-05 20:32:07
Updated chromium-browser-stable packages fix security vulnerability
2022-04-18 23:00:03
Updated nodejs packages fix security vulnerability
2022-02-22 23:15:16
kaspersky
kaspersky
KLA12493 Multiple vulnerabilities in Google Chrome
2022-03-29 00:00:00
KLA12500 Multiple vulnerabilities in Google Chrome
2022-04-11 00:00:00
KLA12513 Multiple vulnerabilities in Microsoft Browser
2022-04-15 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2022-03-29 00:00:00
Stable Channel Update for Desktop
2022-04-11 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: chromium-100.0.4896.127-1.fc35
2022-05-03 14:55:22
[SECURITY] Fedora 36 Update: chromium-100.0.4896.127-1.fc36
2022-05-07 05:11:33
[SECURITY] Fedora 34 Update: chromium-100.0.4896.127-1.fc34
2022-05-03 14:58:26
nodejsblog
nodejsblog
January 10th 2022 Security Releases
2022-01-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 16.13.2-alt1
2022-03-18 00:00:00
ibm
ibm
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple CVEs in Node.js
2022-04-08 14:56:49
Security Bulletin: Vulnerabilities in the Open Source Node.js runtime affect IBM Event Streams (CVE-2021-44533, CVE-2022-21824, CVE-2021-44531, CVE-2021-44532)
2022-07-12 15:05:41
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation
2022-10-21 17:36:25
photon
photon
Important Photon OS Security Update - PHSA-2022-0164
2022-03-22 00:00:00
Important Photon OS Security Update - PHSA-2022-0453
2022-03-23 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0164
2022-03-22 00:00:00
redos
redos
ROS-20220125-10
2022-01-25 00:00:00
almalinux
almalinux
Moderate: nodejs:14 security update
2022-11-08 00:00:00
Moderate: nodejs:16 security, bug fix, and enhancement update
2022-12-15 00:00:00
oraclelinux
oraclelinux
nodejs:14 security update
2022-11-15 00:00:00
nodejs:16 security, bug fix, and enhancement update
2022-12-16 00:00:00
redhat
redhat
(RHSA-2022:7830) Moderate: nodejs:14 security update
2022-11-08 10:51:23
(RHSA-2022:7044) Moderate: rh-nodejs14-nodejs security update
2022-10-19 09:58:44
(RHSA-2022:9073) Moderate: nodejs:16 security, bug fix, and enhancement update
2022-12-15 15:42:25
rocky
rocky
nodejs:14 security update
2022-11-08 10:51:23
nodejs:16 security, bug fix, and enhancement update
2022-12-15 15:42:25
12 bug fix and enhancement update
2022-06-21 11:47:44
suse
suse
Security update for nodejs12 (moderate)
2022-04-17 00:00:00
Security update for libqt5-qtwebengine (moderate)
2022-07-10 00:00:00
hackerone
hackerone
Node.js: Node.js Certificate Verification Bypass via String Injection
2021-12-17 14:57:13
Node.js: Prototype pollution via console.table properties
2021-12-20 00:35:48
veracode
veracode
Improper Certificate Validation
2022-01-12 19:19:21
Arbitrary Code Execution
2022-01-12 19:19:15
Improper Certificate Validation
2022-01-12 19:27:10
cvelist
cvelist
CVE-2021-44532
2022-02-24 18:27:01
CVE-2021-44531
2022-02-24 18:27:00
CVE-2021-44533
2022-02-24 18:27:02
ubuntucve
ubuntucve
CVE-2021-44531
2022-02-24 00:00:00
CVE-2021-44533
2022-02-24 00:00:00
CVE-2021-44532
2022-02-24 00:00:00
redhatcve
redhatcve
CVE-2021-44531
2022-01-14 19:54:26
CVE-2021-44533
2022-01-14 20:45:33
CVE-2022-21824
2022-01-14 20:45:44
cbl_mariner
cbl_mariner
CVE-2021-44531 affecting package nodejs for versions less than 16.14.0-1
2022-04-09 06:52:23
CVE-2021-44531 affecting package nodejs 14.18.1-1
2022-03-19 16:40:55
CVE-2021-44532 affecting package nodejs 14.18.1-1
2022-03-19 16:40:55
nvd
nvd
CVE-2021-44533
2022-02-24 19:15:09
CVE-2022-21824
2022-02-24 19:15:10
CVE-2021-44531
2022-02-24 19:15:09
prion
prion
Code injection
2022-02-24 19:15:00
Design/Logic Flaw
2022-02-24 19:15:00
Design/Logic Flaw
2022-02-24 19:15:00
alpinelinux
alpinelinux
CVE-2021-44533
2022-02-24 19:15:09
CVE-2021-44531
2022-02-24 19:15:09
CVE-2022-1314
2022-07-25 14:15:10
cve
cve
CVE-2021-44532
2022-02-24 19:15:09
CVE-2021-44531
2022-02-24 19:15:09
CVE-2022-21824
2022-02-24 19:15:10
debiancve
debiancve
CVE-2022-21824
2022-02-24 19:15:10
CVE-2021-44531
2022-02-24 19:15:09
CVE-2021-44532
2022-02-24 19:15:09
mscve
mscve
Chromium: CVE-2022-1314 Type Confusion in V8
2022-04-15 07:00:00

EPSS

0.006

Percentile

78.2%

JSON
Related for OPENSUSE-SU-2022:0112-1
osv18nessus31openvas23debian3freebsd3mageia3kaspersky4chrome2fedora5nodejsblog1altlinux1ibm24photon3redos1almalinux2oraclelinux2redhat4rocky3suse2hackerone2veracode7cvelist7ubuntucve5redhatcve4cbl_mariner8nvd8prion6alpinelinux5cve6debiancve5mscve1