First Last Prev Next    This bug is not in your last search results.
Bug 1200783 - VUL-0: chromium: multiple security issues fixed in 103.0.5060.53
VUL-0: chromium: multiple security issues fixed in 103.0.5060.53
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.4
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/335302/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-06-22 06:18 UTC by Carlos López
Modified: 2022-07-29 07:52 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-06-22 06:18:37 UTC 
This update includes 14 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$NA][1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11

[$20000][1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab  on 2022-05-19

[$7500][1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29

[$3000][1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14

[$3000][1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30

[$2000][1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19

[$7000][1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21

[$1000][1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10

[$500][1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19

https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html
Comment 1 Andreas Stieger 2022-06-22 08:07:32 UTC 
I might have time for this on the weekend, Calum?
Comment 2 Callum Farmer 2022-06-22 08:23:59 UTC 
I'll try.
Comment 3 OBSbugzilla Bot 2022-06-25 12:40:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1200783) was mentioned in
https://build.opensuse.org/request/show/985034 Backports:SLE-15-SP4 / chromium
https://build.opensuse.org/request/show/985035 Backports:SLE-15-SP3 / chromium
Comment 4 Swamp Workflow Management 2022-06-29 13:16:08 UTC 
openSUSE-SU-2022:10036-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1200783
CVE References: CVE-2022-2156,CVE-2022-2157,CVE-2022-2158,CVE-2022-2160,CVE-2022-2161,CVE-2022-2162,CVE-2022-2163,CVE-2022-2164,CVE-2022-2165
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    chromium-103.0.5060.53-bp153.2.104.1
Comment 5 Swamp Workflow Management 2022-06-29 13:18:18 UTC 
openSUSE-SU-2022:10035-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1200783
CVE References: CVE-2022-2156,CVE-2022-2157,CVE-2022-2158,CVE-2022-2160,CVE-2022-2161,CVE-2022-2162,CVE-2022-2163,CVE-2022-2164,CVE-2022-2165
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    chromium-103.0.5060.53-bp154.2.11.1
Comment 6 Andreas Stieger 2022-06-29 13:34:43 UTC 
done
Comment 7 Carlos López 2022-07-29 07:52:56 UTC 
This also fixed CVE-2022-2415
First Last Prev Next    This bug is not in your last search results.