Bug 1218149 (CVE-2022-4955)

Summary: VUL-0: CVE-2022-4955: chromium: inappropriate implementation in DevTools
Product: [openSUSE] openSUSE Distribution
Reporter: SMASH SMASH <smash_bz>
Component: Other
Assignee: Callum Farmer <gmbr3>
Status: RESOLVED DUPLICATE
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: andrea.mattiazzo, Andreas.Stieger
Version: Leap 15.6
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/374248/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2023-12-18 09:24:38 UTC
Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4955
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html

Comment 1 Andrea Mattiazzo 2023-12-18 09:26:31 UTC
Could you please add this reference for tracking to the changelog for the update to 108.0.5359.71?

CVE-2022-4955: Inappropriate implementation in DevTools.

Comment 2 Andreas Stieger 2023-12-18 11:49:29 UTC
No. The way the patchinfo is usually generated it would pick it up as fixed in the next update instead of the 108 update. Resolving as duplicate.

*** This bug has been marked as a duplicate of bug 1205871 ***