Bug 1195986 - VUL-0: chromium: multiple security issues fixed in 98.0.4758.102
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.3
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
Reported: 2022-02-15 16:31 UTC by Gabriele Sonnu
Modified: 2022-02-17 20:53 UTC
Description Gabriele Sonnu 2022-02-15 16:31:17 UTC
[$15000][1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22

[$7000][1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24

[$7000][1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita on 2022-01-13

[$7000][1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17

[$TBD][1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17

[$NA][1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16

[$NA][1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group on 2022-02-10

[$TBD][1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

    [1297168] Various fixes from internal audits, fuzzing and other initiatives
Comment 1 Andreas Stieger 2022-02-16 06:44:06 UTC
https://build.opensuse.org/request/show/955128
Comment 2 OBSbugzilla Bot 2022-02-16 07:30:04 UTC
This is an autogenerated message for OBS integration:
This bug (1195986) was mentioned in
https://build.opensuse.org/request/show/955161 Backports:SLE-15-SP3 / chromium
https://build.opensuse.org/request/show/955162 Backports:SLE-15-SP4 / chromium
Comment 3 Swamp Workflow Management 2022-02-17 20:16:25 UTC
openSUSE-SU-2022:0042-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1195986
CVE References: CVE-2022-0603,CVE-2022-0604,CVE-2022-0605,CVE-2022-0606,CVE-2022-0607,CVE-2022-0608,CVE-2022-0609,CVE-2022-0610
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    chromium-98.0.4758.102-bp153.2.63.1
Comment 4 Andreas Stieger 2022-02-17 20:53:24 UTC
done