openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0112-1
Rating:             important
References:         #1194511 #1194512 #1194513 #1194514 #1197680 
                    #1198053 #1198361 
Cross-References:   CVE-2021-44531 CVE-2021-44532 CVE-2021-44533
                    CVE-2022-1125 CVE-2022-1127 CVE-2022-1128
                    CVE-2022-1129 CVE-2022-1130 CVE-2022-1131
                    CVE-2022-1132 CVE-2022-1133 CVE-2022-1134
                    CVE-2022-1135 CVE-2022-1136 CVE-2022-1137
                    CVE-2022-1138 CVE-2022-1139 CVE-2022-1141
                    CVE-2022-1142 CVE-2022-1143 CVE-2022-1144
                    CVE-2022-1145 CVE-2022-1146 CVE-2022-1232
                    CVE-2022-1305 CVE-2022-1306 CVE-2022-1307
                    CVE-2022-1308 CVE-2022-1309 CVE-2022-1310
                    CVE-2022-1311 CVE-2022-1312 CVE-2022-1313
                    CVE-2022-1314 CVE-2022-21824
CVSS scores:
                    CVE-2021-44531 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-44532 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-44533 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21824 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:
                    openSUSE Backports SLE-15-SP3
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that fixes 35 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   Updated to Chromium 100.0.4896.88 (boo#1198361)

   - CVE-2022-1305: Use after free in storage
   - CVE-2022-1306: Inappropriate implementation in compositing
   - CVE-2022-1307: Inappropriate implementation in full screen
   - CVE-2022-1308: Use after free in BFCache
   - CVE-2022-1309: Insufficient policy enforcement in developer tools
   - CVE-2022-1310: Use after free in regular expressions
   - CVE-2022-1311: Use after free in Chrome OS shell
   - CVE-2022-1312: Use after free in storage
   - CVE-2022-1313: Use after free in tab groups
   - CVE-2022-1314: Type Confusion in V8
   - Various fixes from internal audits, fuzzing and other initiatives

   Updated to version 100.0.4896.75:

   - CVE-2022-1232: Type Confusion in V8 (boo#1198053)

   Update to version 100.0.4896.60 (boo#1197680):

   - CVE-2022-1125: Use after free in Portals
   - CVE-2022-1127: Use after free in QR Code Generator
   - CVE-2022-1128: Inappropriate implementation in Web Share API
   - CVE-2022-1129: Inappropriate implementation in Full Screen Mode
   - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
   - CVE-2022-1131: Use after free in Cast UI
   - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
   - CVE-2022-1133: Use after free in WebRTC
   - CVE-2022-1134: Type Confusion in V8
   - CVE-2022-1135: Use after free in Shopping Cart
   - CVE-2022-1136: Use after free in Tab Strip
   - CVE-2022-1137: Inappropriate implementation in Extensions
   - CVE-2022-1138: Inappropriate implementation in Web Cursor
   - CVE-2022-1139: Inappropriate implementation in Background Fetch API
   - CVE-2022-1141: Use after free in File Manager
   - CVE-2022-1142: Heap buffer overflow in WebUI
   - CVE-2022-1143: Heap buffer overflow in WebUI
   - CVE-2022-1144: Use after free in WebUI
   - CVE-2022-1145: Use after free in Extensions
   - CVE-2022-1146: Inappropriate implementation in Resource Timing


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-112=1

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2022-112=1



Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      nodejs14-14.18.3-15.24.1
      nodejs14-debuginfo-14.18.3-15.24.1
      nodejs14-debugsource-14.18.3-15.24.1
      nodejs14-devel-14.18.3-15.24.1
      npm14-14.18.3-15.24.1

   - openSUSE Leap 15.3 (noarch):

      nodejs14-docs-14.18.3-15.24.1

   - openSUSE Backports SLE-15-SP3 (aarch64 x86_64):

      chromedriver-100.0.4896.88-bp153.2.82.1
      chromedriver-debuginfo-100.0.4896.88-bp153.2.82.1
      chromium-100.0.4896.88-bp153.2.82.1
      chromium-debuginfo-100.0.4896.88-bp153.2.82.1


References:

   https://www.suse.com/security/cve/CVE-2021-44531.html
   https://www.suse.com/security/cve/CVE-2021-44532.html
   https://www.suse.com/security/cve/CVE-2021-44533.html
   https://www.suse.com/security/cve/CVE-2022-1125.html
   https://www.suse.com/security/cve/CVE-2022-1127.html
   https://www.suse.com/security/cve/CVE-2022-1128.html
   https://www.suse.com/security/cve/CVE-2022-1129.html
   https://www.suse.com/security/cve/CVE-2022-1130.html
   https://www.suse.com/security/cve/CVE-2022-1131.html
   https://www.suse.com/security/cve/CVE-2022-1132.html
   https://www.suse.com/security/cve/CVE-2022-1133.html
   https://www.suse.com/security/cve/CVE-2022-1134.html
   https://www.suse.com/security/cve/CVE-2022-1135.html
   https://www.suse.com/security/cve/CVE-2022-1136.html
   https://www.suse.com/security/cve/CVE-2022-1137.html
   https://www.suse.com/security/cve/CVE-2022-1138.html
   https://www.suse.com/security/cve/CVE-2022-1139.html
   https://www.suse.com/security/cve/CVE-2022-1141.html
   https://www.suse.com/security/cve/CVE-2022-1142.html
   https://www.suse.com/security/cve/CVE-2022-1143.html
   https://www.suse.com/security/cve/CVE-2022-1144.html
   https://www.suse.com/security/cve/CVE-2022-1145.html
   https://www.suse.com/security/cve/CVE-2022-1146.html
   https://www.suse.com/security/cve/CVE-2022-1232.html
   https://www.suse.com/security/cve/CVE-2022-1305.html
   https://www.suse.com/security/cve/CVE-2022-1306.html
   https://www.suse.com/security/cve/CVE-2022-1307.html
   https://www.suse.com/security/cve/CVE-2022-1308.html
   https://www.suse.com/security/cve/CVE-2022-1309.html
   https://www.suse.com/security/cve/CVE-2022-1310.html
   https://www.suse.com/security/cve/CVE-2022-1311.html
   https://www.suse.com/security/cve/CVE-2022-1312.html
   https://www.suse.com/security/cve/CVE-2022-1313.html
   https://www.suse.com/security/cve/CVE-2022-1314.html
   https://www.suse.com/security/cve/CVE-2022-21824.html
   https://bugzilla.suse.com/1194511
   https://bugzilla.suse.com/1194512
   https://bugzilla.suse.com/1194513
   https://bugzilla.suse.com/1194514
   https://bugzilla.suse.com/1197680
   https://bugzilla.suse.com/1198053
   https://bugzilla.suse.com/1198361

openSUSE: 2022:0112-1 important: chromium

April 13, 2022
An update that fixes 35 vulnerabilities is now available

Description

This update for chromium fixes the following issues: Updated to Chromium 100.0.4896.88 (boo#1198361) - CVE-2022-1305: Use after free in storage - CVE-2022-1306: Inappropriate implementation in compositing - CVE-2022-1307: Inappropriate implementation in full screen - CVE-2022-1308: Use after free in BFCache - CVE-2022-1309: Insufficient policy enforcement in developer tools - CVE-2022-1310: Use after free in regular expressions - CVE-2022-1311: Use after free in Chrome OS shell - CVE-2022-1312: Use after free in storage - CVE-2022-1313: Use after free in tab groups - CVE-2022-1314: Type Confusion in V8 - Various fixes from internal audits, fuzzing and other initiatives Updated to version 100.0.4896.75: - CVE-2022-1232: Type Confusion in V8 (boo#1198053) Update to version 100.0.4896.60 (boo#1197680): - CVE-2022-1125: Use after free in Portals - CVE-2022-1127: Use after free in QR Code Generator - CVE-2022-1128: Inappropriate implementation in Web Share API - CVE-2022-1129: Inappropriate implementation in Full Screen Mode - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP - CVE-2022-1131: Use after free in Cast UI - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard - CVE-2022-1133: Use after free in WebRTC - CVE-2022-1134: Type Confusion in V8 - CVE-2022-1135: Use after free in Shopping Cart - CVE-2022-1136: Use after free in Tab Strip - CVE-2022-1137: Inappropriate implementation in Extensions - CVE-2022-1138: Inappropriate implementation in Web Cursor - CVE-2022-1139: Inappropriate implementation in Background Fetch API - CVE-2022-1141: Use after free in File Manager - CVE-2022-1142: Heap buffer overflow in WebUI - CVE-2022-1143: Heap buffer overflow in WebUI - CVE-2022-1144: Use after free in WebUI - CVE-2022-1145: Use after free in Extensions - CVE-2022-1146: Inappropriate implementation in Resource Timing

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-112=1 - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-112=1


Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.3-15.24.1 nodejs14-debuginfo-14.18.3-15.24.1 nodejs14-debugsource-14.18.3-15.24.1 nodejs14-devel-14.18.3-15.24.1 npm14-14.18.3-15.24.1 - openSUSE Leap 15.3 (noarch): nodejs14-docs-14.18.3-15.24.1 - openSUSE Backports SLE-15-SP3 (aarch64 x86_64): chromedriver-100.0.4896.88-bp153.2.82.1 chromedriver-debuginfo-100.0.4896.88-bp153.2.82.1 chromium-100.0.4896.88-bp153.2.82.1 chromium-debuginfo-100.0.4896.88-bp153.2.82.1


References

https://www.suse.com/security/cve/CVE-2021-44531.html https://www.suse.com/security/cve/CVE-2021-44532.html https://www.suse.com/security/cve/CVE-2021-44533.html https://www.suse.com/security/cve/CVE-2022-1125.html https://www.suse.com/security/cve/CVE-2022-1127.html https://www.suse.com/security/cve/CVE-2022-1128.html https://www.suse.com/security/cve/CVE-2022-1129.html https://www.suse.com/security/cve/CVE-2022-1130.html https://www.suse.com/security/cve/CVE-2022-1131.html https://www.suse.com/security/cve/CVE-2022-1132.html https://www.suse.com/security/cve/CVE-2022-1133.html https://www.suse.com/security/cve/CVE-2022-1134.html https://www.suse.com/security/cve/CVE-2022-1135.html https://www.suse.com/security/cve/CVE-2022-1136.html https://www.suse.com/security/cve/CVE-2022-1137.html https://www.suse.com/security/cve/CVE-2022-1138.html https://www.suse.com/security/cve/CVE-2022-1139.html https://www.suse.com/security/cve/CVE-2022-1141.html https://www.suse.com/security/cve/CVE-2022-1142.html https://www.suse.com/security/cve/CVE-2022-1143.html https://www.suse.com/security/cve/CVE-2022-1144.html https://www.suse.com/security/cve/CVE-2022-1145.html https://www.suse.com/security/cve/CVE-2022-1146.html https://www.suse.com/security/cve/CVE-2022-1232.html https://www.suse.com/security/cve/CVE-2022-1305.html https://www.suse.com/security/cve/CVE-2022-1306.html https://www.suse.com/security/cve/CVE-2022-1307.html https://www.suse.com/security/cve/CVE-2022-1308.html https://www.suse.com/security/cve/CVE-2022-1309.html https://www.suse.com/security/cve/CVE-2022-1310.html https://www.suse.com/security/cve/CVE-2022-1311.html https://www.suse.com/security/cve/CVE-2022-1312.html https://www.suse.com/security/cve/CVE-2022-1313.html https://www.suse.com/security/cve/CVE-2022-1314.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1194511 https://bugzilla.suse.com/1194512 https://bugzilla.suse.com/1194513 https://bugzilla.suse.com/1194514 https://bugzilla.suse.com/1197680 https://bugzilla.suse.com/1198053 https://bugzilla.suse.com/1198361


Severity
Announcement ID: openSUSE-SU-2022:0112-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP3 openSUSE Leap 15.3 .

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved