Lucene search
SuseOPENSUSE-SU-2022:10138-1HistoryOct 03, 2022 - 12:00 a.m.
Security update for chromium (important)
2022-10-0300:00:00
lists.opensuse.org
11
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
An update that fixes 18 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 106.0.5249.91 (boo#1203808):
- CVE-2022-3370: Use after free in Custom Elements
- CVE-2022-3373: Out of bounds write in V8
includes changes from 106.0.5249.61:
- CVE-2022-3304: Use after free in CSS
- CVE-2022-3201: Insufficient validation of untrusted input in Developer
Tools - CVE-2022-3305: Use after free in Survey
- CVE-2022-3306: Use after free in Survey
- CVE-2022-3307: Use after free in Media
- CVE-2022-3308: Insufficient policy enforcement in Developer Tools
- CVE-2022-3309: Use after free in Assistant
- CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
- CVE-2022-3311: Use after free in Import
- CVE-2022-3312: Insufficient validation of untrusted input in VPN
- CVE-2022-3313: Incorrect security UI in Full Screen
- CVE-2022-3314: Use after free in Logging
- CVE-2022-3315: Type confusion in Blink
- CVE-2022-3316: Insufficient validation of untrusted input in Safe
Browsing - CVE-2022-3317: Insufficient validation of untrusted input in Intents
- CVE-2022-3318: Use after free in ChromeOS Notifications
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10138=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Backports SLE | 15-SP4 | aarch64 | - opensuse backports sle | < 15-SP4 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP4 (aarch64 x86_64):.aarch64.rpm |
| openSUSE Backports SLE | 15-SP4 | x86_64 | - opensuse backports sle | < 15-SP4 (aarch64 x86_64): | - openSUSE Backports SLE-15-SP4 (aarch64 x86_64):.x86_64.rpm |
Related
suse
suse
Security update for chromium (important)
2022-10-03 00:00:00
Security update for opera (important)
2022-09-27 00:00:00
Security update for opera (important)
2022-09-26 00:00:00
openvas
openvas
nessus
nessus
Debian DSA-5244-1 : chromium - security update
2022-09-30 00:00:00
FreeBSD : chromium -- multiple vulnerabilities (18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec)
2022-09-27 00:00:00
Google Chrome < 106.0.5249.61 Multiple Vulnerabilities
2022-09-27 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2022-09-27 00:00:00
chromium -- multiple vulnerabilities
2022-09-30 00:00:00
chromium -- multiple vulnerabilities
2022-09-14 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2022-10-05 08:23:49
debian
debian
[SECURITY] [DSA 5244-1] chromium security update
2022-09-28 19:41:14
[SECURITY] [DSA 5245-1] chromium security update
2022-10-02 17:55:29
[SECURITY] [DSA 5230-1] chromium security update
2022-09-15 18:57:39
chrome
chrome
Stable Channel Update for Desktop
2022-09-27 00:00:00
Stable Channel Update for ChromeOS
2022-10-11 00:00:00
Stable Channel Update for Desktop
2022-09-30 00:00:00
osv
osv
chromium - security update
2022-09-28 00:00:00
chromium - security update
2022-10-02 00:00:00
chromium - security update
2022-09-15 00:00:00
kaspersky
kaspersky
KLA19259 Multiple vulnerabilities in Google Chrome
2022-09-27 00:00:00
KLA19267 Multiple vulnerabilities in Microsoft Browser
2022-10-03 00:00:00
KLA19265 Multiple vulnerabilities in Google Chrome
2022-09-30 00:00:00
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2022-10-31 00:00:00
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2022-09-29 00:00:00
QtWebEngine: Multiple Vulnerabilities
2023-11-25 00:00:00
talosblog
talosblog
veracode
veracode
Arbitrary Code Execution
2022-10-10 20:17:49
Use After Free
2022-10-10 18:56:01
Use After Free
2022-10-10 18:55:40
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
prion
prion
Double free
2022-11-01 20:15:00
Design/Logic Flaw
2022-11-01 20:15:00
Design/Logic Flaw
2022-11-01 20:15:00
mscve
mscve
Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs
2022-10-03 07:00:00
Chromium: CVE-2022-3370 Use after free in Custom Elements
2022-10-06 07:00:00
cnvd
cnvd
Microsoft Edge Denial of Service Vulnerability
2022-10-09 00:00:00
Google Chrome Import memory misquoting vulnerability
2022-09-29 00:00:00
Google Chrome Input Validation Error Vulnerability (CNVD-2022-81241)
2022-09-28 00:00:00
alpinelinux
alpinelinux
rapid7blog
rapid7blog
Patch Tuesday - October 2022
2022-10-11 18:35:28
fedora
fedora
[SECURITY] Fedora 36 Update: chromium-105.0.5195.125-2.fc36
2022-10-05 01:01:54
[SECURITY] Fedora 37 Update: chromium-105.0.5195.125-2.fc37
2022-10-03 00:22:01
[SECURITY] Fedora 35 Update: chromium-105.0.5195.125-2.fc35
2022-10-05 01:05:03
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Related for OPENSUSE-SU-2022:10138-1