Bug 1213802

Summary: VUL-0: chromium: multiple security issues fixed in 97.0.4692.71
Product: [openSUSE] openSUSE Distribution Reporter: Thomas Leroy <thomas.leroy>
Component: SecurityAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Leroy 2023-07-31 06:50:38 UTC 
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html

CVE-2022-0096: Use after free in Storage.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
CVE-2022-0097: Inappropriate implementation in DevTools.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        
CVE-2022-0098: Use after free in Screen Capture.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
CVE-2022-0099: Use after free in Sign-in.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
CVE-2022-0100: Heap buffer overflow in Media streams API.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
CVE-2022-0101: Heap buffer overflow in Bookmarks.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               
CVE-2022-0337: Inappropriate implementation in File System API.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 
CVE-2022-0102: Type Confusion in V8 .                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           
CVE-2022-0103: Use after free in SwiftShader.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
CVE-2022-4924: Use after free in WebRTC.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        
CVE-2022-0104: Heap buffer overflow in ANGLE.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
CVE-2022-0105: Use after free in PDF.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           
CVE-2022-0106: Use after free in Autofill.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
CVE-2022-0107: Use after free in File Manager API.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
CVE-2022-0108: Inappropriate implementation in Navigation.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
CVE-2022-0109: Inappropriate implementation in Autofill.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        
CVE-2022-0110: Incorrect security UI in Autofill.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               
CVE-2022-0111: Inappropriate implementation in Navigation.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
CVE-2022-0112: Incorrect security UI in Browser UI.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             
CVE-2022-0113: Inappropriate implementation in Blink.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           
CVE-2022-0114: Out of bounds memory access in Web Serial.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
CVE-2022-0115: Uninitialized Use in File API.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             CVE-2022-0116: Inappropriate implementation in Compositing.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
CVE-2022-0117: Policy bypass in Service Workers.                    
CVE-2022-0118: Inappropriate implementation in WebShare.            
CVE-2022-0120: Inappropriate implementation in Passwords.           
CVE-2022-4925: Insufficient validation of untrusted input in QUIC.
Comment 1 Thomas Leroy 2023-07-31 07:19:28 UTC 
Already fixed