Bug 1197680 - VUL-0: chromium: multiple security issues fixed in 100.0.4896.60
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Leap 15.4
P3 - Medium : Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/327600/
Reported: 2022-03-30 07:36 UTC by Gabriele Sonnu
Modified: 2022-04-13 19:26 UTC

Description Gabriele Sonnu 2022-03-30 07:36:39 UTC
This update includes 28 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7000][1292261] High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29

[$5000][1291891] High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28

[$5000][1301920] High CVE-2022-1128: Inappropriate implementation in Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder on 2022-03-01

[$3000][1300253] High CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24

[$1000][1142269] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. on 2020-10-25

[$NA][1297404] High CVE-2022-1131: Use after free in Cast UI. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2022-02-15

[$TBD][1303410] High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. Reported by Andr.Ess on 2022-03-07

[$TBD][1305776] High CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous on 2022-03-13

[$TBD][1308360] High CVE-2022-1134: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-21

[$16000][1285601] Medium CVE-2022-1135: Use after free in Shopping Cart. Reported by Wei Yuan of MoyunSec VLab on 2022-01-09

[$7000][1280205] Medium CVE-2022-1136: Use after free in Tab Strip. Reported by Krace on 2021-12-15

[$5000][1289846] Medium CVE-2022-1137: Inappropriate implementation in Extensions. Reported by Thomas Orlita on 2022-01-22

[$2000][1246188] Medium CVE-2022-1138: Inappropriate implementation in Web Cursor. Reported by Alesandro Ortiz on 2021-09-03

[$TBD][1268541] Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-10

[$TBD][1303253] Medium CVE-2022-1141: Use after free in File Manager. Reported by raven at KunLun lab on 2022-03-05

[$TBD][1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07

[$TBD][1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07

[$TBD][1304145] Medium CVE-2022-1144: Use after free in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-08

[$TBD][1304545] Medium CVE-2022-1145: Use after free in Extensions. Reported by Yakun Zhang of Baidu Security on 2022-03-09

[$TBD][1290150] Low CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta on 2022-01-23

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

[1311327] Various fixes from internal audits, fuzzing and other initiatives
Comment 1 Callum Farmer 2022-03-30 08:20:10 UTC
ok
Comment 2 OBSbugzilla Bot 2022-03-30 18:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1197680) was mentioned in
https://build.opensuse.org/request/show/966065 Backports:SLE-15-SP3 / chromium
Comment 4 Robert Frohl 2022-03-31 13:21:58 UTC
fixing shitty formatting...

build fails currently [0]:

> [ 3426s] FAILED: obj/ui/events/ozone/layout/layout/xkb_keyboard_layout_engine.o
> [..]
> [ 3426s] ../ui/events/ozone/layout/xkb/xkb_keyboard_layout_engine.cc:40:5: error: 'xkb_keymap_key_get_mods_for_level' was not declared in this scope; did you mean 'xkb_keymap_key_get_syms_by_level'?
> [ 3426s]    40 |     xkb_keymap_key_get_mods_for_level) xkb_keymap_key_get_mods_for_level;
> [ 3426s]       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> [ 3426s]       |     xkb_keymap_key_get_syms_by_level
> [ 3426s] ../ui/events/ozone/layout/xkb/xkb_keyboard_layout_engine.cc:40:5: error: 'xkb_keymap_key_get_mods_for_level' was not declared in this scope; did you mean 'xkb_keymap_key_get_syms_by_level'?
> [ 3426s]    40 |     xkb_keymap_key_get_mods_for_level) xkb_keymap_key_get_mods_for_level;
> [ 3426s]       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> [ 3426s]       |     xkb_keymap_key_get_syms_by_level
> [ 3426s] ../ui/events/ozone/layout/xkb/xkb_keyboard_layout_engine.cc: In member function 'virtual void ui::XkbKeyboardLayoutEngine::SetKeymap(xkb_keymap*)':
> [ 3426s] ../ui/events/ozone/layout/xkb/xkb_keyboard_layout_engine.cc:930:59: error: 'xkb_keymap_key_get_mods_for_level' cannot be used as a function
> [ 3426s]   930 |           int num_mods = xkb_keymap_key_get_mods_for_level(
> [ 3426s]       |                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
> [ 3426s]   931 |               keymap, keycode, layout, level, masks, std::size(masks));
> [ 3426s]       |               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[0] https://build.opensuse.org/project/show/openSUSE:Maintenance:17449
Comment 5 Gianluca Gabrielli 2022-04-01 09:08:31 UTC
Hi Callum, your SR#966065 is not compiling. Could you please check it out with priority?
Comment 6 Callum Farmer 2022-04-01 13:27:45 UTC
needs libxkbcommon >= 1.0.0 in SUSE:SLE:15-SP3:Update
jengelh is maintainer
Comment 7 Jan Engelhardt 2022-04-01 13:57:03 UTC
Feel free to sr any version of X11:Wayland/libxkbcommon to SP3.
Comment 8 OBSbugzilla Bot 2022-04-01 14:00:04 UTC
This is an autogenerated message for OBS integration:
This bug (1197680) was mentioned in
https://build.opensuse.org/request/show/966432 Factory / chromium
https://build.opensuse.org/request/show/966433 Backports:SLE-15-SP4 / chromium
Comment 9 Callum Farmer 2022-04-01 14:15:32 UTC
(In reply to Jan Engelhardt from comment #7)
> Feel free to sr any version of X11:Wayland/libxkbcommon to SP3.

ok
thanks for the quick reply
Comment 10 Callum Farmer 2022-04-01 14:19:23 UTC
https://build.opensuse.org/request/show/966446
Comment 11 Robert Frohl 2022-04-01 14:23:00 UTC
(In reply to Callum Farmer from comment #10)
> https://build.opensuse.org/request/show/966446

Not sure if it will work that way, this would need to go through the internal build system first. Maybe we need to submit to openSUSE:Backports:SLE-15-SP3:Update instead.

Marcus, how should we handle this?
Comment 12 Marcus Meissner 2022-04-01 14:33:06 UTC
This needs to go via SLES and via an ECO I fear.

We can try that, I reach out to our xorg maintainer
Comment 13 OBSbugzilla Bot 2022-04-05 17:10:03 UTC
This is an autogenerated message for OBS integration:
This bug (1197680) was mentioned in
https://build.opensuse.org/request/show/967114 Backports:SLE-15-SP3 / chromium
https://build.opensuse.org/request/show/967115 Backports:SLE-15-SP4 / chromium
Comment 14 Marcus Meissner 2022-04-06 09:31:05 UTC
I evaluated if libxkbcommon is binary compatible, it had some changes but none of the current users use those directly.

Jira ticket is filed, just need to poke PM to move it forward... :/
Comment 15 Marcus Meissner 2022-04-11 15:39:29 UTC
libxkbcommon is released for 15-sp3.

chromium now started building.
Comment 16 OBSbugzilla Bot 2022-04-12 06:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1197680) was mentioned in
https://build.opensuse.org/request/show/969303 Backports:SLE-15-SP3 / chromium
Comment 17 Andreas Stieger 2022-04-13 18:38:29 UTC
done
Comment 18 Swamp Workflow Management 2022-04-13 19:26:23 UTC
openSUSE-SU-2022:0112-1: An update that fixes 35 vulnerabilities is now available.

Category: security (important)
Bug References: 1194511,1194512,1194513,1194514,1197680,1198053,1198361
CVE References: CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-1125,CVE-2022-1127,CVE-2022-1128,CVE-2022-1129,CVE-2022-1130,CVE-2022-1131,CVE-2022-1132,CVE-2022-1133,CVE-2022-1134,CVE-2022-1135,CVE-2022-1136,CVE-2022-1137,CVE-2022-1138,CVE-2022-1139,CVE-2022-1141,CVE-2022-1142,CVE-2022-1143,CVE-2022-1144,CVE-2022-1145,CVE-2022-1146,CVE-2022-1232,CVE-2022-1305,CVE-2022-1306,CVE-2022-1307,CVE-2022-1308,CVE-2022-1309,CVE-2022-1310,CVE-2022-1311,CVE-2022-1312,CVE-2022-1313,CVE-2022-1314,CVE-2022-21824
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    nodejs14-14.18.3-15.24.1
openSUSE Backports SLE-15-SP3 (src):    chromium-100.0.4896.88-bp153.2.82.1