Bug 1202075 - VUL-0: chromium: multiple security issues fixed in 104.0.5112.79
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.4
Hardware: Other Other
Importance: P3 - Medium, Normal
Assigned To: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/338789/
Reported: 2022-08-02 22:18 UTC by Andreas Stieger
Modified: 2023-01-03 08:07 UTC
Description Andreas Stieger 2022-08-02 22:18:42 UTC
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html

Chromium 104.0.5112.79 

CVE-2022-2604: Use after free in Safe Browsing
CVE-2022-2605: Out of bounds read in Dawn
CVE-2022-2606: Use after free in Managed devices API
CVE-2022-2607: Use after free in Tab Strip
CVE-2022-2608: Use after free in Overview Mode
CVE-2022-2609: Use after free in Nearby Share
CVE-2022-2610: Insufficient policy enforcement in Background Fetch
CVE-2022-2611: Inappropriate implementation in Fullscreen API
CVE-2022-2612: Side-channel information leakage in Keyboard input
CVE-2022-2613: Use after free in Input
CVE-2022-2614: Use after free in Sign-In Flow
CVE-2022-2615: Insufficient policy enforcement in Cookies
CVE-2022-2616: Inappropriate implementation in Extensions API
CVE-2022-2617: Use after free in Extensions API
CVE-2022-2618: Insufficient validation of untrusted input in Internals
CVE-2022-2619: Insufficient validation of untrusted input in Settings
CVE-2022-2620: Use after free in WebUI
CVE-2022-2621: Use after free in Extensions
CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing
CVE-2022-2623: Use after free in Offline
CVE-2022-2624: Heap buffer overflow in PDF
Comment 1 Gianluca Gabrielli 2022-08-03 11:48:21 UTC
Am I wrong, or is CVE-2022-2603 [0] also fixed by this update but omitted from the above description?

[0] https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
Comment 2 OBSbugzilla Bot 2022-08-09 14:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1202075) was mentioned in
https://build.opensuse.org/request/show/994138 Factory / chromium
https://build.opensuse.org/request/show/994139 Backports:SLE-15-SP4 / chromium
https://build.opensuse.org/request/show/994140 Backports:SLE-15-SP3 / chromium
Comment 3 Swamp Workflow Management 2022-08-12 19:18:35 UTC
openSUSE-SU-2022:10086-1: An update that fixes 22 vulnerabilities is now available.

Category: security (important)
Bug References: 1202075
CVE References: CVE-2022-2603,CVE-2022-2604,CVE-2022-2605,CVE-2022-2606,CVE-2022-2607,CVE-2022-2608,CVE-2022-2609,CVE-2022-2610,CVE-2022-2611,CVE-2022-2612,CVE-2022-2613,CVE-2022-2614,CVE-2022-2615,CVE-2022-2616,CVE-2022-2617,CVE-2022-2618,CVE-2022-2619,CVE-2022-2620,CVE-2022-2621,CVE-2022-2622,CVE-2022-2623,CVE-2022-2624
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    chromium-104.0.5112.79-bp154.2.20.1
Comment 4 Swamp Workflow Management 2022-08-16 13:21:48 UTC
openSUSE-SU-2022:10092-1: An update that fixes 22 vulnerabilities is now available.

Category: security (important)
Bug References: 1202075
CVE References: CVE-2022-2603,CVE-2022-2604,CVE-2022-2605,CVE-2022-2606,CVE-2022-2607,CVE-2022-2608,CVE-2022-2609,CVE-2022-2610,CVE-2022-2611,CVE-2022-2612,CVE-2022-2613,CVE-2022-2614,CVE-2022-2615,CVE-2022-2616,CVE-2022-2617,CVE-2022-2618,CVE-2022-2619,CVE-2022-2620,CVE-2022-2621,CVE-2022-2622,CVE-2022-2623,CVE-2022-2624
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    chromium-104.0.5112.79-bp153.2.113.1
Comment 5 Andreas Stieger 2022-08-19 13:53:20 UTC
done
Comment 6 Thomas Leroy 2023-01-03 08:07:12 UTC
New references:
 * CVE-2022-2742: Use after free in Exosphere.
 * CVE-2022-2743: Integer overflow in Window Manager.