SUSE Package Hub - openSUSE-2022-10099

Update Info

openSUSE-2022-10099

Security update for chromium

Type: security

Severity: important

Issued: 2022-08-25

Description:

This update for chromium fixes the following issues:

Chromium 104.0.5112.101 (boo#1202509):

* CVE-2022-2852: Use after free in FedCM
* CVE-2022-2854: Use after free in SwiftShader
* CVE-2022-2855: Use after free in ANGLE
* CVE-2022-2857: Use after free in Blink
* CVE-2022-2858: Use after free in Sign-In Flow
* CVE-2022-2853: Heap buffer overflow in Downloads
* CVE-2022-2856: Insufficient validation of untrusted input in Intents
* CVE-2022-2859: Use after free in Chrome OS Shell
* CVE-2022-2860: Insufficient policy enforcement in Cookies
* CVE-2022-2861: Inappropriate implementation in Extensions API

- Re-enable our version of chrome-wrapper
- Set no sandbox if root is being used (https://crbug.com/638180)

References

CVE: CVE-2022-2861
CVE: CVE-2022-2860
CVE: CVE-2022-2859
CVE: CVE-2022-2858
CVE: CVE-2022-2857
CVE: CVE-2022-2856
CVE: CVE-2022-2855
CVE: CVE-2022-2854
CVE: CVE-2022-2853
CVE: CVE-2022-2852
Bugzilla: 1202509 VUL-0: chromium: multiple security issues fixed in 104.0.5112.101

Packages

chromium-104.0.5112.101-bp154.2.23.1