Bug 1196641 - VUL-0: chromium: multiple security issues fixed in 99.0.4844.51
VUL-0: chromium: multiple security issues fixed in 99.0.4844.51
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.3
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Callum Farmer
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-03-02 11:01 UTC by Gianluca Gabrielli
Modified: 2022-03-07 14:41 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gianluca Gabrielli 2022-03-02 11:01:01 UTC
[$10000][1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) 
[$7000][1274077] High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous 
[$7000][1278322] High CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab 
[$7000][1285885] High CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori 
[$7000][1291728] High CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita 
[$7000][1294097] High CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani 
[$5000][1282782] High CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 
[$5000][1295786] High CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. 
[$NA][1281908] High CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero 
[$15000][1283402] Medium CVE-2022-0798: Use after free in MediaStream. Reported by Samet Bekmezci @sametbekmezci 
[$10000][1279188] Medium CVE-2022-0799: Insufficient policy enforcement in Installer. Reported by Abdelhamid Naceri (halov) 
[$7000][1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani 
[$5000][1231037] Medium CVE-2022-0801: Inappropriate implementation in HTML parser. Reported by Michał Bentkowski of Securitum 
[$3000][1270052] Medium CVE-2022-0802: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) 
[$3000][1280233] Medium CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri 
[$2500][1264561] Medium CVE-2022-0804: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) 
[$2000][1290700] Medium CVE-2022-0805: Use after free in Browser Switcher. Reported by raven at KunLun Lab 
[$1000][1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by Paril 
[$TBD][1287364] Medium CVE-2022-0807: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz 
[$TBD][1292271] Medium CVE-2022-0808: Use after free in Chrome OS Shell. Reported by @ginggilBesel 
[$TBD][1293428] Medium CVE-2022-0809: Out of bounds memory access in WebXR. Reported by @uwu7586
Comment 1 OBSbugzilla Bot 2022-03-04 13:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1196641) was mentioned in
https://build.opensuse.org/request/show/959389 Backports:SLE-15-SP3 / chromium
Comment 2 OBSbugzilla Bot 2022-03-04 15:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1196641) was mentioned in
https://build.opensuse.org/request/show/959479 Backports:SLE-15-SP3 / chromium
Comment 3 Swamp Workflow Management 2022-03-07 14:17:21 UTC
openSUSE-SU-2022:0075-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1196641
CVE References: CVE-2022-0789,CVE-2022-0790,CVE-2022-0791,CVE-2022-0792,CVE-2022-0793,CVE-2022-0794,CVE-2022-0795,CVE-2022-0796,CVE-2022-0797,CVE-2022-0798,CVE-2022-0799,CVE-2022-0800,CVE-2022-0801,CVE-2022-0802,CVE-2022-0803,CVE-2022-0804,CVE-2022-0805,CVE-2022-0806,CVE-2022-0807,CVE-2022-0808,CVE-2022-0809
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    chromium-99.0.4844.51-bp153.2.66.1
Comment 4 Marcus Meissner 2022-03-07 14:41:15 UTC
done