Bugzilla – Bug 1202509
VUL-0: chromium: multiple security issues fixed in 104.0.5112.101
Last modified: 2022-08-25 15:51:37 UTC
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html Chromium 104.0.5112.101 CVE-2022-2852: Use after free in FedCM. CVE-2022-2854: Use after free in SwiftShader. CVE-2022-2855: Use after free in ANGLE. CVE-2022-2857: Use after free in Blink. CVE-2022-2858: Use after free in Sign-In Flow. CVE-2022-2853: Heap buffer overflow in Downloads. CVE-2022-2856: Insufficient validation of untrusted input in Intents. CVE-2022-2859: Use after free in Chrome OS Shell. CVE-2022-2860: Insufficient policy enforcement in Cookies. CVE-2022-2861: Inappropriate implementation in Extensions API. Google is aware that an exploit for CVE-2022-2856 exists in the wild.
*** Bug 1202510 has been marked as a duplicate of this bug. ***
This is an autogenerated message for OBS integration: This bug (1202509) was mentioned in https://build.opensuse.org/request/show/998184 Factory / chromium https://build.opensuse.org/request/show/998186 Backports:SLE-15-SP3+Backports:SLE-15-SP4 / chromium
openSUSE-SU-2022:10099-1: An update that fixes 10 vulnerabilities is now available. Category: security (important) Bug References: 1202509 CVE References: CVE-2022-2852,CVE-2022-2853,CVE-2022-2854,CVE-2022-2855,CVE-2022-2856,CVE-2022-2857,CVE-2022-2858,CVE-2022-2859,CVE-2022-2860,CVE-2022-2861 JIRA References: Sources used: openSUSE Backports SLE-15-SP4 (src): chromium-104.0.5112.101-bp154.2.23.1 openSUSE Backports SLE-15-SP3 (src): chromium-104.0.5112.101-bp153.2.116.1
done