openSUSE-SU-2022:10119-1: important: Security update for chromium
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10119-1
Rating: important
References: #1202403 #1202964 #1203102
Cross-References: CVE-2022-3038 CVE-2022-3039 CVE-2022-3040
CVE-2022-3041 CVE-2022-3042 CVE-2022-3043
CVE-2022-3044 CVE-2022-3045 CVE-2022-3046
CVE-2022-3047 CVE-2022-3048 CVE-2022-3049
CVE-2022-3050 CVE-2022-3051 CVE-2022-3052
CVE-2022-3053 CVE-2022-3054 CVE-2022-3055
CVE-2022-3056 CVE-2022-3057 CVE-2022-3058
CVE-2022-3071 CVE-2022-3075
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 23 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 105.0.5195.102 (boo#1203102):
* CVE-2022-3075: Insufficient data validation in Mojo
Chromium 105.0.5195.52 (boo#1202964):
* CVE-2022-3038: Use after free in Network Service
* CVE-2022-3039: Use after free in WebSQL
* CVE-2022-3040: Use after free in Layout
* CVE-2022-3041: Use after free in WebSQL
* CVE-2022-3042: Use after free in PhoneHub
* CVE-2022-3043: Heap buffer overflow in Screen Capture
* CVE-2022-3044: Inappropriate implementation in Site Isolation
* CVE-2022-3045: Insufficient validation of untrusted input in V8
* CVE-2022-3046: Use after free in Browser Tag
* CVE-2022-3071: Use after free in Tab Strip
* CVE-2022-3047: Insufficient policy enforcement in Extensions API
* CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
* CVE-2022-3049: Use after free in SplitScreen
* CVE-2022-3050: Heap buffer overflow in WebUI
* CVE-2022-3051: Heap buffer overflow in Exosphere
* CVE-2022-3052: Heap buffer overflow in Window Manager
* CVE-2022-3053: Inappropriate implementation in Pointer Lock
* CVE-2022-3054: Insufficient policy enforcement in DevTools
* CVE-2022-3055: Use after free in Passwords
* CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
* CVE-2022-3057: Inappropriate implementation in iframe Sandbox
* CVE-2022-3058: Use after free in Sign-In Flow
- Update chromium-symbolic.svg: this fixes boo#1202403.
- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10119=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-105.0.5195.102-bp154.2.26.1
chromium-105.0.5195.102-bp154.2.26.1
References:
https://www.suse.com/security/cve/CVE-2022-3038.html
https://www.suse.com/security/cve/CVE-2022-3039.html
https://www.suse.com/security/cve/CVE-2022-3040.html
https://www.suse.com/security/cve/CVE-2022-3041.html
https://www.suse.com/security/cve/CVE-2022-3042.html
https://www.suse.com/security/cve/CVE-2022-3043.html
https://www.suse.com/security/cve/CVE-2022-3044.html
https://www.suse.com/security/cve/CVE-2022-3045.html
https://www.suse.com/security/cve/CVE-2022-3046.html
https://www.suse.com/security/cve/CVE-2022-3047.html
https://www.suse.com/security/cve/CVE-2022-3048.html
https://www.suse.com/security/cve/CVE-2022-3049.html
https://www.suse.com/security/cve/CVE-2022-3050.html
https://www.suse.com/security/cve/CVE-2022-3051.html
https://www.suse.com/security/cve/CVE-2022-3052.html
https://www.suse.com/security/cve/CVE-2022-3053.html
https://www.suse.com/security/cve/CVE-2022-3054.html
https://www.suse.com/security/cve/CVE-2022-3055.html
https://www.suse.com/security/cve/CVE-2022-3056.html
https://www.suse.com/security/cve/CVE-2022-3057.html
https://www.suse.com/security/cve/CVE-2022-3058.html
https://www.suse.com/security/cve/CVE-2022-3071.html
https://www.suse.com/security/cve/CVE-2022-3075.html
https://bugzilla.suse.com/1202403
https://bugzilla.suse.com/1202964
https://bugzilla.suse.com/1203102
A chromium security update has been released for SUSE Linux Enterprise 15 SP4.
