Bug 1202509 - VUL-0: chromium: multiple security issues fixed in 104.0.5112.101
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.4
Hardware: Other Other
Priority: P3 - Medium
Severity: Major
Assigned To: Security Team bot
Reported: 2022-08-18 06:01 UTC by Alexander Bergmann
Modified: 2022-08-25 15:51 UTC

Description Alexander Bergmann 2022-08-18 06:01:31 UTC

Chromium 104.0.5112.101

CVE-2022-2852: Use after free in FedCM.
CVE-2022-2854: Use after free in SwiftShader.
CVE-2022-2855: Use after free in ANGLE.
CVE-2022-2857: Use after free in Blink.
CVE-2022-2858: Use after free in Sign-In Flow.
CVE-2022-2853: Heap buffer overflow in Downloads.
CVE-2022-2856: Insufficient validation of untrusted input in Intents.
CVE-2022-2859: Use after free in Chrome OS Shell.
CVE-2022-2860: Insufficient policy enforcement in Cookies.
CVE-2022-2861: Inappropriate implementation in Extensions API.

Google is aware that an exploit for CVE-2022-2856 exists in the wild.
Comment 1 Robert Frohl 2022-08-18 06:09:07 UTC
*** Bug 1202510 has been marked as a duplicate of this bug. ***
Comment 2 OBSbugzilla Bot 2022-08-19 14:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1202509) was mentioned in
https://build.opensuse.org/request/show/998184 Factory / chromium
https://build.opensuse.org/request/show/998186 Backports:SLE-15-SP3+Backports:SLE-15-SP4 / chromium
Comment 3 Swamp Workflow Management 2022-08-25 13:16:50 UTC
openSUSE-SU-2022:10099-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 1202509
CVE References: CVE-2022-2852,CVE-2022-2853,CVE-2022-2854,CVE-2022-2855,CVE-2022-2856,CVE-2022-2857,CVE-2022-2858,CVE-2022-2859,CVE-2022-2860,CVE-2022-2861
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    chromium-104.0.5112.101-bp154.2.23.1
openSUSE Backports SLE-15-SP3 (src):    chromium-104.0.5112.101-bp153.2.116.1
Comment 4 Andreas Stieger 2022-08-25 15:51:37 UTC