Bug 1200423 - VUL-0: chromium: multiple security issues fixed in 102.0.5005.115
VUL-0: chromium: multiple security issues fixed in 102.0.5005.115
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.4
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2022-06-10 14:32 UTC by Carlos López
Modified: 2022-06-15 19:20 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-06-10 14:32:51 UTC
This update includes 7 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$10000][1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17

[$TBD][1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19

[$NA][1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13

[$TBD][1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31

Comment 1 OBSbugzilla Bot 2022-06-10 18:40:05 UTC
This is an autogenerated message for OBS integration:
This bug (1200423) was mentioned in
https://build.opensuse.org/request/show/982060 Factory / chromium
https://build.opensuse.org/request/show/982061 Backports:SLE-15-SP3 / chromium
https://build.opensuse.org/request/show/982062 Backports:SLE-15-SP4 / chromium
Comment 2 Swamp Workflow Management 2022-06-15 13:17:55 UTC
openSUSE-SU-2022:10009-1: An update that fixes 28 vulnerabilities is now available.

Category: security (critical)
Bug References: 1199893,1200139,1200423
CVE References: CVE-2022-1853,CVE-2022-1854,CVE-2022-1855,CVE-2022-1856,CVE-2022-1857,CVE-2022-1858,CVE-2022-1859,CVE-2022-1860,CVE-2022-1861,CVE-2022-1862,CVE-2022-1863,CVE-2022-1864,CVE-2022-1865,CVE-2022-1866,CVE-2022-1867,CVE-2022-1868,CVE-2022-1869,CVE-2022-1870,CVE-2022-1871,CVE-2022-1872,CVE-2022-1873,CVE-2022-1874,CVE-2022-1875,CVE-2022-1876,CVE-2022-2007,CVE-2022-2008,CVE-2022-2010,CVE-2022-2011
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    chromium-102.0.5005.115-bp153.2.101.1
Comment 3 Andreas Stieger 2022-06-15 15:55:50 UTC
Comment 4 Swamp Workflow Management 2022-06-15 19:20:16 UTC
openSUSE-SU-2022:10010-1: An update that fixes four vulnerabilities is now available.

Category: security (critical)
Bug References: 1200139,1200423
CVE References: CVE-2022-2007,CVE-2022-2008,CVE-2022-2010,CVE-2022-2011
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    chromium-102.0.5005.115-bp154.2.8.1