Lucene search

K
suse
SuseOPENSUSE-SU-2022:10123-1
HistorySep 17, 2022 - 12:00 a.m.

Security update for chromium (important)

2022-09-1700:00:00
lists.opensuse.org
15

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An update that fixes 7 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 105.0.5195.127 (boo#1203419):

  • CVE-2022-3195: Out of bounds write in Storage
  • CVE-2022-3196: Use after free in PDF
  • CVE-2022-3197: Use after free in PDF
  • CVE-2022-3198: Use after free in PDF
  • CVE-2022-3199: Use after free in Frames
  • CVE-2022-3200: Heap buffer overflow in Internals
  • CVE-2022-3201: Insufficient validation of untrusted input in DevTools
  • Various fixes from internal audits, fuzzing and other initiatives

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP4:

    zypper in -t patch openSUSE-2022-10123=1

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-10123=1

How to protect your server from attacks?

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Related for OPENSUSE-SU-2022:10123-1