Lucene search
SuseOPENSUSE-SU-2022:10120-1HistorySep 12, 2022 - 12:00 a.m.
Security update for chromium (important)
2022-09-1200:00:00
lists.opensuse.org
23
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
An update that fixes 23 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 105.0.5195.102 (boo#1203102):
- CVE-2022-3075: Insufficient data validation in Mojo
Chromium 105.0.5195.52 (boo#1202964):
- CVE-2022-3038: Use after free in Network Service
- CVE-2022-3039: Use after free in WebSQL
- CVE-2022-3040: Use after free in Layout
- CVE-2022-3041: Use after free in WebSQL
- CVE-2022-3042: Use after free in PhoneHub
- CVE-2022-3043: Heap buffer overflow in Screen Capture
- CVE-2022-3044: Inappropriate implementation in Site Isolation
- CVE-2022-3045: Insufficient validation of untrusted input in V8
- CVE-2022-3046: Use after free in Browser Tag
- CVE-2022-3071: Use after free in Tab Strip
- CVE-2022-3047: Insufficient policy enforcement in Extensions API
- CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
- CVE-2022-3049: Use after free in SplitScreen
- CVE-2022-3050: Heap buffer overflow in WebUI
- CVE-2022-3051: Heap buffer overflow in Exosphere
- CVE-2022-3052: Heap buffer overflow in Window Manager
- CVE-2022-3053: Inappropriate implementation in Pointer Lock
- CVE-2022-3054: Insufficient policy enforcement in DevTools
- CVE-2022-3055: Use after free in Passwords
- CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
- CVE-2022-3057: Inappropriate implementation in iframe Sandbox
- CVE-2022-3058: Use after free in Sign-In Flow
- Update chromium-symbolic.svg: this fixes boo#1202403.
- Fix quoting in chrome-wrapper, don’t put cwd on LD_LIBRARY_PATH
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10120=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Backports SLE | 15-SP3 | aarch64 | - opensuse backports sle | < 15-SP3 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP3 (aarch64 x86_64):.aarch64.rpm |
| openSUSE Backports SLE | 15-SP3 | x86_64 | - opensuse backports sle | < 15-SP3 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP3 (aarch64 x86_64):.x86_64.rpm |
Related
freebsd
freebsd
chromium -- multiple vulnerabilities
2022-08-30 00:00:00
chromium -- insufficient data validation in Mojo
2022-09-02 00:00:00
nessus
nessus
Google Chrome < 105.0.5195.52 Multiple Vulnerabilities
2022-08-30 00:00:00
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10120-1)
2022-09-16 00:00:00
Google Chrome < 105.0.5195.52 Multiple Vulnerabilities
2022-08-30 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0318)
2022-09-05 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2022:10119-1)
2024-03-04 00:00:00
suse
suse
Security update for chromium (important)
2022-09-12 00:00:00
Security update for opera (important)
2022-09-12 00:00:00
Security update for opera (important)
2022-09-12 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-09-04 22:47:19
debian
debian
[SECURITY] [DSA 5223-1] chromium security update
2022-09-01 19:22:26
kaspersky
kaspersky
KLA15732 Multiple vulnerabilities in Google Chrome
2022-08-30 00:00:00
KLA15734 Multiple vulnerabilities in Microsoft Browser
2022-09-01 00:00:00
KLA19251 DoS vulnerability in Opera
2022-09-14 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2022-08-30 00:00:00
Stable Channel Update for ChromeOS
2022-09-07 00:00:00
Stable Channel Update for Desktop
2022-09-02 00:00:00
osv
osv
chromium - security update
2022-09-01 00:00:00
chromium - security update
2022-09-06 00:00:00
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2022-09-29 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: chromium-105.0.5195.125-2.fc35
2022-10-05 01:05:03
[SECURITY] Fedora 36 Update: chromium-105.0.5195.125-2.fc36
2022-10-05 01:01:54
[SECURITY] Fedora 37 Update: chromium-105.0.5195.125-2.fc37
2022-10-03 00:22:01
veracode
veracode
Denial Of Service (DoS)
2022-09-16 19:25:46
Heap Buffer Overflow
2022-09-16 19:25:41
Information Disclosure
2022-09-16 19:26:18
prion
prion
ubuntucve
ubuntucve
mscve
mscve
Chromium: CVE-2022-3057 Inappropriate implementation in iframe Sandbox
2022-09-01 16:05:11
Chromium: CVE-2022-3046 Use after free in Browser Tag
2022-09-01 16:05:00
Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API
2022-09-01 16:05:02
cve
cve
debiancve
debiancve
cnvd
cnvd
Google Chrome Browser Tag Memory Misreference Vulnerability
2022-09-01 00:00:00
Google Chrome SplitScreen Memory Misreference Vulnerability
2022-09-01 00:00:00
Google Chrome Exosphere Buffer Overflow Vulnerability
2022-09-01 00:00:00
attackerkb
attackerkb
CVE-2022-3038
2022-09-26 00:00:00
CVE-2022-3075
2022-09-26 00:00:00
alpinelinux
alpinelinux
cisa_kev
cisa_kev
Google Chromium Network Service Use-After-Free Vulnerability
2023-03-30 00:00:00
Google Chromium Mojo Insufficient Data Validation Vulnerability
2022-09-08 00:00:00
hivepro
hivepro
Google Chrome browser suffers from another zero-day vulnerability
2022-09-06 03:23:38
qualysblog
qualysblog
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Related for OPENSUSE-SU-2022:10120-1