Bug 1197552 (CVE-2022-1096)

Summary: VUL-0: CVE-2022-1096: chromium: Type Confusion in V8
Product: [openSUSE] openSUSE Distribution Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: Andreas.Stieger, bart.vanassche+novell, gmbr3
Version: Leap 15.3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2022-03-26 14:56:58 UTC
Fixed in Chromium 99.0.4844.84:
CVE-2022-1096: Type Confusion in V8
Public exploit exists

References:
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
https://crbug.com/1309225
Comment 1 OBSbugzilla Bot 2022-03-26 16:10:06 UTC
This is an autogenerated message for OBS integration:
This bug (1197552) was mentioned in
https://build.opensuse.org/request/show/965046 Factory / chromium
https://build.opensuse.org/request/show/965047 Backports:SLE-15-SP3 / chromium
https://build.opensuse.org/request/show/965048 Backports:SLE-15-SP4 / chromium
Comment 2 Swamp Workflow Management 2022-03-28 19:17:26 UTC
openSUSE-SU-2022:0091-1: An update that fixes three vulnerabilities, contains two features is now available.

Category: security (important)
Bug References: 1193942,1193943,1197552
CVE References: CVE-2021-44224,CVE-2021-44790,CVE-2022-1096
JIRA References: SLE-22733,SLE-22849
Sources used:
openSUSE Leap 15.3 (src):    apache2-2.4.51-3.37.1
openSUSE Backports SLE-15-SP3 (src):    chromium-99.0.4844.84-bp153.2.75.1
Comment 4 Marcus Meissner 2022-03-29 13:41:38 UTC
released
Comment 5 OBSbugzilla Bot 2022-04-04 20:40:05 UTC
This is an autogenerated message for OBS integration:
This bug (1197552) was mentioned in
https://build.opensuse.org/request/show/966883 Factory / libqt5-qtwebengine
https://build.opensuse.org/request/show/966884 Backports:SLE-15-SP4 / libqt5-qtwebengine
Comment 6 OBSbugzilla Bot 2022-04-05 07:30:05 UTC
This is an autogenerated message for OBS integration:
This bug (1197552) was mentioned in
https://build.opensuse.org/request/show/966926 Backports:SLE-15-SP4 / qt6-webengine
Comment 7 OBSbugzilla Bot 2022-04-05 09:30:05 UTC
This is an autogenerated message for OBS integration:
This bug (1197552) was mentioned in
https://build.opensuse.org/request/show/966962 Factory / qt6-webengine