Bug 1204223 – VUL-0: chromium: multiple security issues fixed in 106.0.5249.119

Bug 1204223 - VUL-0: chromium: multiple security issues fixed in 106.0.5249.119


Summary:	VUL-0: chromium: multiple security issues fixed in 106.0.5249.119

Status:	RESOLVED FIXED

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 15.4
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	E-mail List

URL:	https://smash.suse.de/issue/344883/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-10-12 06:12 UTC by Robert Frohl
Modified:	2022-10-18 21:04 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2022-10-12 06:12:12 UTC

CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16
CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26
CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22
CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13
CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17
CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30


https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html

Comment 1 OBSbugzilla Bot 2022-10-12 10:05:03 UTC

This is an autogenerated message for OBS integration:
This bug (1204223) was mentioned in
https://build.opensuse.org/request/show/1010169 Factory / chromium
https://build.opensuse.org/request/show/1010170 Backports:SLE-15-SP3 / chromium
https://build.opensuse.org/request/show/1010171 Backports:SLE-15-SP4 / chromium

Comment 2 Swamp Workflow Management 2022-10-13 19:19:27 UTC

openSUSE-SU-2022:10146-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1204223
CVE References: CVE-2022-3445,CVE-2022-3446,CVE-2022-3447,CVE-2022-3448,CVE-2022-3449,CVE-2022-3450
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    chromium-106.0.5249.119-bp154.2.35.1

Comment 3 OBSbugzilla Bot 2022-10-15 20:35:02 UTC

This is an autogenerated message for OBS integration:
This bug (1204223) was mentioned in
https://build.opensuse.org/request/show/1011171 Backports:SLE-15-SP5 / chromium

Comment 4 Swamp Workflow Management 2022-10-17 13:21:54 UTC

openSUSE-SU-2022:10151-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1204223
CVE References: CVE-2022-3445,CVE-2022-3446,CVE-2022-3447,CVE-2022-3448,CVE-2022-3449,CVE-2022-3450
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    chromium-106.0.5249.119-bp153.2.128.1

Comment 5 Andreas Stieger 2022-10-18 21:04:22 UTC

done