Bug 1218149 (CVE-2022-4955) - VUL-0: CVE-2022-4955: chromium: inappropriate implementation in DevTools
Summary: VUL-0: CVE-2022-4955: chromium: inappropriate implementation in DevTools
Status: RESOLVED DUPLICATE of bug 1205871
Alias: CVE-2022-4955
Product: openSUSE Distribution
Classification: openSUSE
Component: Other (show other bugs)
Version: Leap 15.6
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: ---
Assignee: Callum Farmer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/374248/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-18 09:24 UTC by SMASH SMASH
Modified: 2023-12-18 11:49 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2023-12-18 09:24:38 UTC 
Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4955
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
Comment 1 Andrea Mattiazzo 2023-12-18 09:26:31 UTC 
Could you please add this reference for tracking to the changelog for the update to 108.0.5359.71?

CVE-2022-4955: Inappropriate implementation in DevTools.
Comment 2 Andreas Stieger 2023-12-18 11:49:29 UTC 
No. The way the patchinfo is usually generated it would pick it up as fixed in the next update instead of the 108 update. Resolving as duplicate.

*** This bug has been marked as a duplicate of bug 1205871 ***