Bug 1205221 – VUL-0: chromium: multiple security issues fixed in 107.0.5304.110

Bug 1205221 - VUL-0: chromium: multiple security issues fixed in 107.0.5304.110


Summary:	VUL-0: chromium: multiple security issues fixed in 107.0.5304.110

Status:	RESOLVED FIXED

Classification:	openSUSE
Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Security
Version:	Current
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	E-mail List

URL:	https://smash.suse.de/issue/347475/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-11-09 08:27 UTC by Robert Frohl
Modified:	2022-11-14 14:28 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2022-11-09 08:27:05 UTC

CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24
CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10
CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08
CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16
CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01
CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01

https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html

Comment 1 OBSbugzilla Bot 2022-11-09 19:35:04 UTC

This is an autogenerated message for OBS integration:
This bug (1205221) was mentioned in
https://build.opensuse.org/request/show/1034894 Factory / chromium
https://build.opensuse.org/request/show/1034896 Backports:SLE-15-SP3+Backports:SLE-15-SP4 / chromium

Comment 2 OBSbugzilla Bot 2022-11-10 23:05:03 UTC

This is an autogenerated message for OBS integration:
This bug (1205221) was mentioned in
https://build.opensuse.org/request/show/1035128 Backports:SLE-15-SP5 / chromium

Comment 3 Swamp Workflow Management 2022-11-14 14:21:49 UTC

openSUSE-SU-2022:10201-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1205221
CVE References: CVE-2022-3885,CVE-2022-3886,CVE-2022-3887,CVE-2022-3888,CVE-2022-3889,CVE-2022-3890
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    chromium-107.0.5304.110-bp154.2.43.1
openSUSE Backports SLE-15-SP3 (src):    chromium-107.0.5304.110-bp153.2.136.1

Comment 4 Andreas Stieger 2022-11-14 14:28:46 UTC

done