openSUSE: 2022:10119-1 important: chromium
Description
This update for chromium fixes the following issues: Chromium 105.0.5195.102 (boo#1203102): * CVE-2022-3075: Insufficient data validation in Mojo Chromium 105.0.5195.52 (boo#1202964): * CVE-2022-3038: Use after free in Network Service * CVE-2022-3039: Use after free in WebSQL * CVE-2022-3040: Use after free in Layout * CVE-2022-3041: Use after free in WebSQL * CVE-2022-3042: Use after free in PhoneHub * CVE-2022-3043: Heap buffer overflow in Screen Capture * CVE-2022-3044: Inappropriate implementation in Site Isolation * CVE-2022-3045: Insufficient validation of untrusted input in V8 * CVE-2022-3046: Use after free in Browser Tag * CVE-2022-3071: Use after free in Tab Strip * CVE-2022-3047: Insufficient policy enforcement in Extensions API * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen * CVE-2022-3049: Use after free in SplitScreen * CVE-2022-3050: Heap buffer overflow in WebUI * CVE-2022-3051: Heap buffer overflow in Exosphere * CVE-2022-3052: Heap buffer overflow in Window Manager * CVE-2022-3053: Inappropriate implementation in Pointer Lock * CVE-2022-3054: Insufficient policy enforcement in DevTools * CVE-2022-3055: Use after free in Passwords * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy * CVE-2022-3057: Inappropriate implementation in iframe Sandbox * CVE-2022-3058: Use after free in Sign-In Flow - Update chromium-symbolic.svg: this fixes boo#1202403. - Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH
Patch
Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10119=1
Package List
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64): chromedriver-105.0.5195.102-bp154.2.26.1 chromium-105.0.5195.102-bp154.2.26.1
References
https://www.suse.com/security/cve/CVE-2022-3038.html https://www.suse.com/security/cve/CVE-2022-3039.html https://www.suse.com/security/cve/CVE-2022-3040.html https://www.suse.com/security/cve/CVE-2022-3041.html https://www.suse.com/security/cve/CVE-2022-3042.html https://www.suse.com/security/cve/CVE-2022-3043.html https://www.suse.com/security/cve/CVE-2022-3044.html https://www.suse.com/security/cve/CVE-2022-3045.html https://www.suse.com/security/cve/CVE-2022-3046.html https://www.suse.com/security/cve/CVE-2022-3047.html https://www.suse.com/security/cve/CVE-2022-3048.html https://www.suse.com/security/cve/CVE-2022-3049.html https://www.suse.com/security/cve/CVE-2022-3050.html https://www.suse.com/security/cve/CVE-2022-3051.html https://www.suse.com/security/cve/CVE-2022-3052.html https://www.suse.com/security/cve/CVE-2022-3053.html https://www.suse.com/security/cve/CVE-2022-3054.html https://www.suse.com/security/cve/CVE-2022-3055.html https://www.suse.com/security/cve/CVE-2022-3056.html https://www.suse.com/security/cve/CVE-2022-3057.html https://www.suse.com/security/cve/CVE-2022-3058.html https://www.suse.com/security/cve/CVE-2022-3071.html https://www.suse.com/security/cve/CVE-2022-3075.html https://bugzilla.suse.com/1202403 https://bugzilla.suse.com/1202964 https://bugzilla.suse.com/1203102
