Bug 1203808 - VUL-0: chromium: multiple security issues fixed in 106.0.5249.61/106.0.5249.91
VUL-0: chromium: multiple security issues fixed in 106.0.5249.61/106.0.5249.91
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.4
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/343691/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-09-27 18:07 UTC by Andreas Stieger
Modified: 2022-10-03 16:25 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2022-09-27 18:07:40 UTC
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html

  * CVE-2022-3304: Use after free in CSS
  * CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools
  * CVE-2022-3305: Use after free in Survey
  * CVE-2022-3306: Use after free in Survey
  * CVE-2022-3307: Use after free in Media
  * CVE-2022-3308: Insufficient policy enforcement in Developer Tools
  * CVE-2022-3309: Use after free in Assistant
  * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
  * CVE-2022-3311: Use after free in Import
  * CVE-2022-3312: Insufficient validation of untrusted input in VPN
  * CVE-2022-3313: Incorrect security UI in Full Screen
  * CVE-2022-3314: Use after free in Logging
  * CVE-2022-3315: Type confusion in Blink
  * CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2022-3317: Insufficient validation of untrusted input in Intents
  * CVE-2022-3318: Use after free in ChromeOS Notifications
Comment 1 Andreas Stieger 2022-10-01 12:22:49 UTC
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html


* CVE-2022-3370: Use after free in Custom Elements
* CVE-2022-3373: Out of bounds write in V8
Comment 2 OBSbugzilla Bot 2022-10-01 13:25:03 UTC
This is an autogenerated message for OBS integration:
This bug (1203808) was mentioned in
https://build.opensuse.org/request/show/1007437 Factory / chromium
https://build.opensuse.org/request/show/1007438 Backports:SLE-15-SP3 / chromium
https://build.opensuse.org/request/show/1007439 Backports:SLE-15-SP4 / chromium
Comment 3 OBSbugzilla Bot 2022-10-02 13:35:02 UTC
This is an autogenerated message for OBS integration:
This bug (1203808) was mentioned in
https://build.opensuse.org/request/show/1007548 Backports:SLE-15-SP5 / chromium
Comment 4 Swamp Workflow Management 2022-10-03 16:21:15 UTC
openSUSE-SU-2022:10139-1: An update that fixes 18 vulnerabilities is now available.

Category: security (important)
Bug References: 1203808
CVE References: CVE-2022-3201,CVE-2022-3304,CVE-2022-3305,CVE-2022-3306,CVE-2022-3307,CVE-2022-3308,CVE-2022-3309,CVE-2022-3310,CVE-2022-3311,CVE-2022-3312,CVE-2022-3313,CVE-2022-3314,CVE-2022-3315,CVE-2022-3316,CVE-2022-3317,CVE-2022-3318,CVE-2022-3370,CVE-2022-3373
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    chromium-106.0.5249.91-bp153.2.125.1
Comment 5 Swamp Workflow Management 2022-10-03 16:22:49 UTC
openSUSE-SU-2022:10138-1: An update that fixes 18 vulnerabilities is now available.

Category: security (important)
Bug References: 1203808
CVE References: CVE-2022-3201,CVE-2022-3304,CVE-2022-3305,CVE-2022-3306,CVE-2022-3307,CVE-2022-3308,CVE-2022-3309,CVE-2022-3310,CVE-2022-3311,CVE-2022-3312,CVE-2022-3313,CVE-2022-3314,CVE-2022-3315,CVE-2022-3316,CVE-2022-3317,CVE-2022-3318,CVE-2022-3370,CVE-2022-3373
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    chromium-106.0.5249.91-bp154.2.32.1
Comment 6 Andreas Stieger 2022-10-03 16:25:35 UTC
done