Lucene search

K
suseSuseOPENSUSE-SU-2022:0125-1
HistoryMay 06, 2022 - 12:00 a.m.

Security update for chromium (important)

2022-05-0600:00:00
lists.opensuse.org
12

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An update that fixes 25 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 101.0.4951.54 (boo#1199118)

Chromium 101.0.4951.41 (boo#1198917):

  • CVE-2022-1477: Use after free in Vulkan
  • CVE-2022-1478: Use after free in SwiftShader
  • CVE-2022-1479: Use after free in ANGLE
  • CVE-2022-1480: Use after free in Device API
  • CVE-2022-1481: Use after free in Sharing
  • CVE-2022-1482: Inappropriate implementation in WebGL
  • CVE-2022-1483: Heap buffer overflow in WebGPU
  • CVE-2022-1484: Heap buffer overflow in Web UI Settings
  • CVE-2022-1485: Use after free in File System API
  • CVE-2022-1486: Type Confusion in V8
  • CVE-2022-1487: Use after free in Ozone
  • CVE-2022-1488: Inappropriate implementation in Extensions API
  • CVE-2022-1489: Out of bounds memory access in UI Shelf
  • CVE-2022-1490: Use after free in Browser Switcher
  • CVE-2022-1491: Use after free in Bookmarks
  • CVE-2022-1492: Insufficient data validation in Blink Editing
  • CVE-2022-1493: Use after free in Dev Tools
  • CVE-2022-1494: Insufficient data validation in Trusted Types
  • CVE-2022-1495: Incorrect security UI in Downloads
  • CVE-2022-1496: Use after free in File Manager
  • CVE-2022-1497: Inappropriate implementation in Input
  • CVE-2022-1498: Inappropriate implementation in HTML Parser
  • CVE-2022-1499: Inappropriate implementation in WebAuthentication
  • CVE-2022-1500: Insufficient data validation in Dev Tools
  • CVE-2022-1501: Inappropriate implementation in iframe

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-125=1

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Related for OPENSUSE-SU-2022:0125-1