Bugzilla – Bug 1197680
VUL-0: chromium: multiple security issues fixed in 100.0.4896.60
Last modified: 2022-04-13 19:26:23 UTC
This update includes 28 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7000][1292261] High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29
[$5000][1291891] High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28
[$5000][1301920] High CVE-2022-1128: Inappropriate implementation in Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder on 2022-03-01
[$3000][1300253] High CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2022-02-24
[$1000][1142269] High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. on 2020-10-25
[$NA][1297404] High CVE-2022-1131: Use after free in Cast UI. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2022-02-15
[$TBD][1303410] High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. Reported by Andr.Ess on 2022-03-07
[$TBD][1305776] High CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous on 2022-03-13
[$TBD][1308360] High CVE-2022-1134: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-21
[$16000][1285601] Medium CVE-2022-1135: Use after free in Shopping Cart. Reported by Wei Yuan of MoyunSec VLab on 2022-01-09
[$7000][1280205] Medium CVE-2022-1136: Use after free in Tab Strip. Reported by Krace on 2021-12-15
[$5000][1289846] Medium CVE-2022-1137: Inappropriate implementation in Extensions. Reported by Thomas Orlita on 2022-01-22
[$2000][1246188] Medium CVE-2022-1138: Inappropriate implementation in Web Cursor. Reported by Alesandro Ortiz on 2021-09-03
[$TBD][1268541] Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer on 2021-11-10
[$TBD][1303253] Medium CVE-2022-1141: Use after free in File Manager. Reported by raven at KunLun lab on 2022-03-05
[$TBD][1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07
[$TBD][1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-07
[$TBD][1304145] Medium CVE-2022-1144: Use after free in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-03-08
[$TBD][1304545] Medium CVE-2022-1145: Use after free in Extensions. Reported by Yakun Zhang of Baidu Security on 2022-03-09
[$TBD][1290150] Low CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta on 2022-01-23

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
[1311327] Various fixes from internal audits, fuzzing and other initiatives
ok
This is an autogenerated message for OBS integration: This bug (1197680) was mentioned in https://build.opensuse.org/request/show/966065 Backports:SLE-15-SP3 / chromium
fixing shitty formatting...

build fails currently [0]:

> [ 3426s] FAILED: obj/ui/events/ozone/layout/layout/xkb_keyboard_layout_engine.o
> [..]
> [ 3426s] ../ui/events/ozone/layout/xkb/xkb_keyboard_layout_engine.cc:40:5: error: 'xkb_keymap_key_get_mods_for_level' was not declared in this scope; did you mean 'xkb_keymap_key_get_syms_by_level'?
> [ 3426s] 40 | xkb_keymap_key_get_mods_for_level) xkb_keymap_key_get_mods_for_level;
> [ 3426s] | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> [ 3426s] | xkb_keymap_key_get_syms_by_level
> [ 3426s] ../ui/events/ozone/layout/xkb/xkb_keyboard_layout_engine.cc:40:5: error: 'xkb_keymap_key_get_mods_for_level' was not declared in this scope; did you mean 'xkb_keymap_key_get_syms_by_level'?
> [ 3426s] 40 | xkb_keymap_key_get_mods_for_level) xkb_keymap_key_get_mods_for_level;
> [ 3426s] | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> [ 3426s] | xkb_keymap_key_get_syms_by_level
> [ 3426s] ../ui/events/ozone/layout/xkb/xkb_keyboard_layout_engine.cc: In member function 'virtual void ui::XkbKeyboardLayoutEngine::SetKeymap(xkb_keymap*)':
> [ 3426s] ../ui/events/ozone/layout/xkb/xkb_keyboard_layout_engine.cc:930:59: error: 'xkb_keymap_key_get_mods_for_level' cannot be used as a function
> [ 3426s] 930 | int num_mods = xkb_keymap_key_get_mods_for_level(
> [ 3426s] | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
> [ 3426s] 931 | keymap, keycode, layout, level, masks, std::size(masks));
> [ 3426s] | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[0] https://build.opensuse.org/project/show/openSUSE:Maintenance:17449
Hi Callum, your SR#966065 is not compiling. Could you please check it out with priority?
needs libxkbcommon >= 1.0.0 in SUSE:SLE:15-SP3:Update
jengelh is maintainer
Feel free to sr any version of X11:Wayland/libxkbcommon to SP3.
This is an autogenerated message for OBS integration: This bug (1197680) was mentioned in
https://build.opensuse.org/request/show/966432 Factory / chromium
https://build.opensuse.org/request/show/966433 Backports:SLE-15-SP4 / chromium
(In reply to Jan Engelhardt from comment #7)
> Feel free to sr any version of X11:Wayland/libxkbcommon to SP3.

ok thanks for the quick reply
https://build.opensuse.org/request/show/966446
(In reply to Callum Farmer from comment #10)
> https://build.opensuse.org/request/show/966446

Not sure if it will work that way, this would need to go through the internal build system first. Maybe we need to submit to openSUSE:Backports:SLE-15-SP3:Update instead.

Marcus, how should we handle this?
This needs to go via SLES and via an ECO I fear.

We can try that, I reach out to our xorg maintainer
This is an autogenerated message for OBS integration: This bug (1197680) was mentioned in
https://build.opensuse.org/request/show/967114 Backports:SLE-15-SP3 / chromium
https://build.opensuse.org/request/show/967115 Backports:SLE-15-SP4 / chromium
I evaluated if libxkbcommon is binary compatible, it had some changes but none of the current users use those directly. Jira ticket is filed, just need to poke PM to move it forward... :/
libxkbcommon is released for 15-sp3. chromium now started building.
This is an autogenerated message for OBS integration: This bug (1197680) was mentioned in https://build.opensuse.org/request/show/969303 Backports:SLE-15-SP3 / chromium
done
openSUSE-SU-2022:0112-1: An update that fixes 35 vulnerabilities is now available.

Category: security (important)
Bug References: 1194511,1194512,1194513,1194514,1197680,1198053,1198361
CVE References:
Sources used:
openSUSE Leap 15.3 (src): nodejs14-14.18.3-15.24.1
openSUSE Backports SLE-15-SP3 (src): chromium-100.0.4896.88-bp153.2.82.1