Lucene search
SuseOPENSUSE-SU-2022:10099-1HistoryAug 25, 2022 - 12:00 a.m.
Security update for chromium (important)
2022-08-2500:00:00
lists.opensuse.org
18
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An update that fixes 10 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 104.0.5112.101 (boo#1202509):
- CVE-2022-2852: Use after free in FedCM
- CVE-2022-2854: Use after free in SwiftShader
- CVE-2022-2855: Use after free in ANGLE
- CVE-2022-2857: Use after free in Blink
- CVE-2022-2858: Use after free in Sign-In Flow
- CVE-2022-2853: Heap buffer overflow in Downloads
- CVE-2022-2856: Insufficient validation of untrusted input in Intents
- CVE-2022-2859: Use after free in Chrome OS Shell
- CVE-2022-2860: Insufficient policy enforcement in Cookies
- CVE-2022-2861: Inappropriate implementation in Extensions API
- Re-enable our version of chrome-wrapper
- Set no sandbox if root is being used (https://crbug.com/638180)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or βzypper patchβ.
Alternatively you can run the command listed for your product:
-
openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10099=1
-
openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10099=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Backports SLE | 15-SP4 | aarch64 | - opensuse backports sle | <Β 15-SP4 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP4 (aarch64 x86_64):.aarch64.rpm |
| openSUSE Backports SLE | 15-SP4 | x86_64 | - opensuse backports sle | <Β 15-SP4 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP4 (aarch64 x86_64):.x86_64.rpm |
| openSUSE Backports SLE | 15-SP3 | aarch64 | - opensuse backports sle | <Β 15-SP3 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP3 (aarch64 x86_64):.aarch64.rpm |
| openSUSE Backports SLE | 15-SP3 | x86_64 | - opensuse backports sle | <Β 15-SP3 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP3 (aarch64 x86_64):.x86_64.rpm |
Related
nessus
nessus
openSUSE 15 Security Update : opera (openSUSE-SU-2022:10109-1)
2022-08-30 00:00:00
Debian DSA-5212-1 : chromium - security update
2022-08-18 00:00:00
suse
suse
Security update for opera (important)
2022-08-29 00:00:00
Security update for opera (important)
2022-08-29 00:00:00
openvas
openvas
kaspersky
kaspersky
KLA15725 Multiple vulnerabilities in Opera
2022-08-23 00:00:00
KLA15722 Multiple vulnerabilities in Google Chrome
2022-08-16 00:00:00
KLA15724 Multiple vulnerabilities in Microsoft Browser
2022-08-19 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2022-08-16 00:00:00
debian
debian
[SECURITY] [DSA 5212-1] chromium security update
2022-08-17 22:57:57
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-08-26 00:21:07
chrome
chrome
Stable Channel Update for Desktop
2022-08-16 00:00:00
Stable Channel Update for ChromeOS
2022-09-07 00:00:00
osv
osv
chromium - security update
2022-08-18 00:00:00
malwarebytes
malwarebytes
Update Chrome now! Google issues patch for zero day spotted in the wild
2022-08-17 11:00:00
Zero-day puts a dent in Chrome's mojo
2022-09-05 16:30:00
cve
cve
debiancve
debiancve
prion
prion
Design/Logic Flaw
2022-09-26 16:15:00
Design/Logic Flaw
2022-09-26 16:15:00
Design/Logic Flaw
2022-09-26 16:15:00
veracode
veracode
Denial Of Service (DoS)
2022-09-01 10:46:12
Use-After-Free
2022-09-01 10:42:51
Heap Buffer Overflow
2022-09-01 10:47:23
mscve
mscve
Chromium: CVE-2022-2854 Use after free in SwiftShader
2022-08-19 07:00:00
Chromium: CVE-2022-2861 Inappropriate implementation in Extensions API
2022-08-19 07:00:00
Chromium: CVE-2022-2858 Use after free in Sign-In Flow
2022-08-19 07:00:00
ubuntucve
ubuntucve
hivepro
hivepro
Chromeβs zero-day flaw allows arbitrary code execution
2022-08-19 04:40:16
cisa_kev
cisa_kev
Google Chromium Intents Insufficient Input Validation Vulnerability
2022-08-18 00:00:00
cnvd
cnvd
Google Chrome Intents security bypass vulnerability
2022-08-18 00:00:00
Google Chrome FedCM code execution vulnerability
2022-08-18 00:00:00
attackerkb
attackerkb
CVE-2022-2856
2022-09-26 00:00:00
threatpost
threatpost
Google Patches Chromeβs Fifth Zero-Day of the Year
2022-08-18 14:31:38
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2022-08-21 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: chromium-105.0.5195.125-2.fc35
2022-10-05 01:05:03
[SECURITY] Fedora 36 Update: chromium-105.0.5195.125-2.fc36
2022-10-05 01:01:54
[SECURITY] Fedora 37 Update: chromium-105.0.5195.125-2.fc37
2022-10-03 00:22:01
thn
thn
New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
2022-08-17 12:02:00
Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
2022-09-03 03:56:00
qualysblog
qualysblog
avleonov
avleonov
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Related for OPENSUSE-SU-2022:10099-1